Difference between revisions of "Optimizations (tuning)"
From Tech-Wiki
| (One intermediate revision by the same user not shown) | |||
| Line 3: | Line 3: | ||
You can improving memory usage to avoid entering into conserve mode. | You can improving memory usage to avoid entering into conserve mode. | ||
| − | Session timer | + | Session timer optimizations |
config system global | config system global | ||
set tcp-halfclose-timer 30 [ default 120 s ] | set tcp-halfclose-timer 30 [ default 120 s ] | ||
| Line 29: | Line 29: | ||
DNS cache optimization | DNS cache optimization | ||
config system dns | config system dns | ||
| − | set dns-cache-limit 300 [ default: | + | set dns-cache-limit 300 [ default: 1800 ] |
end | end | ||
| Line 73: | Line 73: | ||
Reducing impact on new policy install | Reducing impact on new policy install | ||
config system settings | config system settings | ||
| − | + | set firewall-session-dirty check-new | |
To reduce the percentage of space allocated on the Internal disk for web caching to 80% (resulting in the amount of space for byte caching increasing to 20%) | To reduce the percentage of space allocated on the Internal disk for web caching to 80% (resulting in the amount of space for byte caching increasing to 20%) | ||
Latest revision as of 18:37, 23 August 2020
You can improving memory usage to avoid entering into conserve mode.
Session timer optimizations
config system global
set tcp-halfclose-timer 30 [ default 120 s ]
set tcp-halfopen-timer 10 [ default 60 s ]
set tcp-timewait-timer 0 [ default 120 s ]
set udp-idle-timer 40 [ default 180 s ]
end
config system session-ttl
set default 180 [ default 300 ]
config port
edit 0
set protocol 17
set timeout 10
set end-port 53
set start-port 53
end
end
Reduce the FortiGuard services for the cache
config system fortiguard set webfilter-cache-ttl 500 [ default 3600 ] set antispam-cache-ttl 500 [ default 1800 ] end
DNS cache optimization
config system dns set dns-cache-limit 300 [ default: 1800 ] end
Disable options for DNS forwarding
config system dns unset fwdintf end
Delete dns-udp session-helper
config system session-helper delete 14 [ 14 is references number for dns-udp ] end
Reduce the maximum file size for antivirus scanning
Go to Policy > Proxy Options > Common Options > Change: Amount (bytes)
Limit the space allocated for WAN optimization to 20GB
config wanopt storage edit Internal set size 20000 end
Specify amount of disk reserved for log
config log disk setting set log-quota 10240
Force schedule rule to shut sessions at time (instead of keep active sessions)
config firewall policy edit 2 (whichever is the schedule policy) set schedule-timeout enable end
Set session TTL
config firewall service custom
edit "SSH"
set session-ttl 600
Or you can do:
config firewall policy
edit 10
set session-ttl 300
Reducing impact on new policy install
config system settings set firewall-session-dirty check-new
To reduce the percentage of space allocated on the Internal disk for web caching to 80% (resulting in the amount of space for byte caching increasing to 20%)
config wanopt storage edit Internal set webcache-storage-percentage 80 end