Difference between revisions of "Optimizations (tuning)"
From Tech-Wiki
(2 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
You can improving memory usage to avoid entering into conserve mode. | You can improving memory usage to avoid entering into conserve mode. | ||
− | Session timer | + | Session timer optimizations |
config system global | config system global | ||
set tcp-halfclose-timer 30 [ default 120 s ] | set tcp-halfclose-timer 30 [ default 120 s ] | ||
Line 29: | Line 29: | ||
DNS cache optimization | DNS cache optimization | ||
config system dns | config system dns | ||
− | set dns-cache-limit 300 [ default: | + | set dns-cache-limit 300 [ default: 1800 ] |
end | end | ||
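Review bot: The completed annotation on the dns-cache-limit line, "[ default: 1800 ]", gives no unit, while the timer lines earlier on the page write "[ default 120 s ]". Please state what the limit counts, so readers can judge what lowering it to 300 means. The bracketed note also sits on the same line as the set command and will be taken as part of the value if pasted into the CLI. Consider moving it to its own line.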
Line 35: | Line 35: | ||
config system dns | config system dns | ||
unset fwdintf | unset fwdintf | ||
− | + | end | |
Delete dns-udp session-helper | Delete dns-udp session-helper | ||
Line 73: | Line 73: | ||
Reducing impact on new policy install | Reducing impact on new policy install | ||
config system settings | config system settings | ||
− | + | set firewall-session-dirty check-new | |
To reduce the percentage of space allocated on the Internal disk for web caching to 80% (resulting in the amount of space for byte caching increasing to 20%) | To reduce the percentage of space allocated on the Internal disk for web caching to 80% (resulting in the amount of space for byte caching increasing to 20%) |
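Review bot: The added "set firewall-session-dirty check-new" line is followed directly by the next heading, so the "config system settings" block has no closing "end" in the visible lines. The Line 35 hunk adds exactly that missing "end" to the DNS block. Please close this block the same way so it can be pasted as a unit.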
Latest revision as of 18:37, 23 August 2020
You can improve memory usage to avoid entering conserve mode.
Session timer optimizations
config system global
    set tcp-halfclose-timer 30   [ default 120 s ]
    set tcp-halfopen-timer 10    [ default 60 s ]
    set tcp-timewait-timer 0     [ default 120 s ]
    set udp-idle-timer 40        [ default 180 s ]
end
config system session-ttl
    set default 180              [ default 300 ]
    config port
        edit 0
            set protocol 17
            set timeout 10
            set end-port 53
            set start-port 53
        next
    end
end
Reduce the cache TTL for FortiGuard services
config system fortiguard
    set webfilter-cache-ttl 500  [ default 3600 ]
    set antispam-cache-ttl 500   [ default 1800 ]
end
DNS cache optimization
config system dns
    set dns-cache-limit 300      [ default: 1800 ]
end
Disable options for DNS forwarding
config system dns
    unset fwdintf
end
Delete dns-udp session-helper
config system session-helper
    delete 14                    [ 14 is the reference number for dns-udp ]
end
Reduce the maximum file size for antivirus scanning
Go to Policy > Proxy Options > Common Options > Change: Amount (bytes)
Limit the space allocated for WAN optimization to 20GB
config wanopt storage
    edit Internal
        set size 20000
    next
end
Specify the amount of disk space reserved for logs
config log disk setting
    set log-quota 10240
end
Force a schedule rule to close sessions at the scheduled time (instead of keeping active sessions)
config firewall policy
    edit 2                       [ whichever is the schedule policy ]
        set schedule-timeout enable
    next
end
Set session TTL
config firewall service custom
    edit "SSH"
        set session-ttl 600
    next
end
Or you can do:
config firewall policy
    edit 10
        set session-ttl 300
    next
end
Reducing impact on new policy install
config system settings
    set firewall-session-dirty check-new
end
To reduce the percentage of space allocated on the Internal disk for web caching to 80% (resulting in the amount of space for byte caching increasing to 20%)
config wanopt storage
    edit Internal
        set webcache-storage-percentage 80
    next
end
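An added example, not part of the original wiki page or any vendor tooling: a small Python parser for FortiOS-style config text that compares a saved backup against the session timer and DNS cache values listed above, and looks up which session-helper ID is named dns-udp before that entry is deleted. The sample backup is constructed, and treating a setting absent from the backup as "default in effect" is an assumption.

```python
import shlex

PAGE_VALUES = {  # values this page recommends, keyed by config path
    "system global": {"tcp-halfclose-timer": "30", "tcp-halfopen-timer": "10",
                      "tcp-timewait-timer": "0", "udp-idle-timer": "40"},
    "system dns": {"dns-cache-limit": "300"},
}
# Constructed sample backup; the last edit closes with 'end' only, as on this page.
SAMPLE = """config system global
    set tcp-halfclose-timer 30
    set udp-idle-timer 180
end
config system session-helper
    edit 13
        set name dns-tcp
    next
    edit 14
        set name dns-udp
        set port 53
end
"""

def parse_config(text):
    """Parse config/edit/set/next/end lines into nested dicts."""
    root = {}
    stack = [("config", root)]
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True) or [""]  # blank line: no-op
        if tok[0] in ("config", "edit"):
            child = stack[-1][1].setdefault(" ".join(tok[1:]), {})
            stack.append((tok[0], child))
        elif tok[0] == "set":
            stack[-1][1][tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end"):
            if tok[0] == "end" and stack[-1][0] == "edit":
                stack.pop()  # 'end' typed inside an edit also closes the edit
            if len(stack) > 1:
                stack.pop()
    return root

def find_helper_id(cfg, name="dns-udp"):
    """Return the edit ID of the named session helper, or None if absent."""
    table = cfg.get("system session-helper", {})
    return next((i for i, e in table.items() if e.get("name") == name), None)

def audit(cfg):
    """(path, key) -> (backup value, page value); None = absent (assumed default)."""
    return {(p, k): (cfg.get(p, {}).get(k), v)
            for p, want in PAGE_VALUES.items() for k, v in want.items()
            if cfg.get(p, {}).get(k) != v}
```

Run `audit(parse_config(text))` on a backup before and after applying the changes to confirm which values actually took effect, and use the ID returned by `find_helper_id` in the delete command rather than assuming 14.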