tag:blogger.com,1999:blog-1532920267188739518.post6046566932428555415..comments2024-03-20T17:11:03.506-05:00Comments on Firewall Guru: The cmdb add entry failedSebastianhttp://www.blogger.com/profile/15029150331907372597noreply@blogger.comBlogger13125tag:blogger.com,1999:blog-1532920267188739518.post-85010730783716847652013-10-21T12:42:11.033-05:002013-10-21T12:42:11.033-05:00Some background on cmdbsvr (Configuration Manageme...Some background on cmdbsvr (Configuration Management DataBase SerVeR)<br /><br /> 1) This process role in FortiOS is to provide I/O to the configuration database, meaning that all configuration activities end up with a call to cmdbsvr.<br /><br /> 2) Configuration is held in RAM, and regularly saved on the internal flash disk using compressed files on a per-vdom Sebastianhttps://www.blogger.com/profile/08701147779838193450noreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-72991866823930200772013-10-21T12:26:39.313-05:002013-10-21T12:26:39.313-05:00Does someone know what cmdbsvr proccess is for?Does someone know what cmdbsvr proccess is for?Bryannoreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-74703908600174412952013-10-11T14:23:51.548-05:002013-10-11T14:23:51.548-05:00Additional info: I've got 2 60C's and an 8...Additional info: I've got 2 60C's and an 80. The 80 seems to have the worst case.<br /><br />In addition to killing ipsengine, look for multiple instances of pyfogid and kill these as well.<br /><br />To get a bit more memory out of the system:<br /><br />config sys global<br />set av-failopen idledrop<br />set av-failopen-session enable<br /><br />and limit the logging memory buffer<br Allen Underdownhttp://www.praecom.comnoreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-7976830716624934752012-08-23T06:28:43.367-05:002012-08-23T06:28:43.367-05:00What affect does killing the Forticron process hav...What affect does killing the Forticron process have? <br /><br />Can I run the diagnose sys kill command on this process without affecting traffic?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-63786875320524231652012-08-10T04:38:24.157-05:002012-08-10T04:38:24.157-05:00#diagnose test application ipsmonitor 99: Same err...#diagnose test application ipsmonitor 99: Same error<br />#A harder way to restart "ipsengine": diagnose sys kill 9 6085 (6085 is the PID of ipsengine): Same error<br />#Restarting "forticron": diagnose sys kill 9 63 (63 is the PID of forticron): Used memory decreases from 73% to 51%. Now we can creat new policies again without errors. THANK YOU ALL!!! Case closed :)Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-89854675187787392552012-07-18T09:29:49.985-05:002012-07-18T09:29:49.985-05:00I have noticed alot of issues with deploying 60c&#...I have noticed alot of issues with deploying 60c's to remote offices regarding memory, and did like this forum since I often found answers here and wanted to help contribute. The UTM options we use are web / App Control / Antivirus. <br /><br />I did have this error yesterday with an 80CM in our lab, and had to do a few things in order to get it going again, no reboot needed. (restarted IPS Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-74537434853929725642012-05-11T05:24:35.746-05:002012-05-11T05:24:35.746-05:00Great help, thanks for sharing this one..Great help, thanks for sharing this one..Firewall Supporthttp://www.antivirus.supportmart.net/problems-issues/firewall-support/noreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-23006006798379773162012-02-01T08:58:12.772-06:002012-02-01T08:58:12.772-06:00I've been having similar problems too when edi...I've been having similar problems too when editing policies. The FG80 enters conserve mode for a minute or two and after that it's impossible to edit a policy without rebooting first. The error we get is FG_CMDBAPI_ERR.<br /><br />Our session and bandwidth load are massively below the specs of the FG80 (just as they were when we had a FG60B which also under-performed) but as soon as it Gary Fnoreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-65300968869982113612012-01-30T04:53:30.184-06:002012-01-30T04:53:30.184-06:00This has been a huge issue for me, and as mentione...This has been a huge issue for me, and as mentioned above, is due to memory utilization. The problem I had was that I don't use ANY of the IPS features, yet the IPS processes were causing huge mem spikes. This has been fixed in MR2 Patch 8 and above.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-70345513871828640242012-01-24T23:47:35.568-06:002012-01-24T23:47:35.568-06:00This usually happen when the box enters conserve m...This usually happen when the box enters conserve mode as you pointed out. But from experience you better reboot the box because even if the memory threshold goes back under 70%, the box might be just too unstable to take your command and execute it properly.Davidhttps://www.blogger.com/profile/13412341283475430764noreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-91894664603199726142012-01-20T17:24:27.217-06:002012-01-20T17:24:27.217-06:00"diag deb cli 8" can give you some more ..."diag deb cli 8" can give you some more information why this message is shown.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-73320737075843402112012-01-20T15:42:37.163-06:002012-01-20T15:42:37.163-06:00Yup, good point Jelle. I noticed some odd behaviou...Yup, good point Jelle. I noticed some odd behaviour after adding addresses/group objects after simply reducing the memory usage.<br />It appears a reboot is required to actually fix the problem until the next conserve mode incident.Sebastianhttps://www.blogger.com/profile/15029150331907372597noreply@blogger.comtag:blogger.com,1999:blog-1532920267188739518.post-10165905685215862032012-01-20T15:18:03.379-06:002012-01-20T15:18:03.379-06:00Two of our fortigates have the same issue (FW 80CM...Two of our fortigates have the same issue (FW 80CM) with this "cmdb add entry failed" dialog.<br /><br />When this happens, our fortigates are in kernel conserve mode according to the eventlog. After restarting the IPsengine, the memory usage drops and an event with the message "Kernel leaves conserve mode" is written. But not long after this, it will enter kernel conserve Jelle Stoelhttps://www.blogger.com/profile/14930087730312731341noreply@blogger.com