Fine-tuning & best practices : Improving performance
Improving performance
When configuring your FortiADC appliance and its features, there are many settings and practices that can yield better performance.
System performance
Delete or disable unused policies. FortiADC allocates memory with each server policy, regardless of whether it is actually in active use. Configuring extra policies will unnecessarily consume memory and decrease performance.
To reduce latency associated with DNS queries, use a DNS server on your local network as your primary DNS. See “Configuring DNS settings”.
If your network’s devices support them, you can create one or more VLAN interfaces. VLANs reduce the size of a broadcast domain and the amount of broadcast traffic received by network hosts, thus improving network performance. See “Adding VLAN subinterfaces”.
If you have enabled the server health check feature and one of the servers is down for an extended period, you may improve the performance of your FortiADC appliance by disabling the physical server, rather than allowing the server health check to continue checking for the server's responsiveness. See “Load balancing among local servers”.
Logging performance
If you have a FortiAnalyzer, store FortiADC’s logs on the FortiAnalyzer to avoid resource usage associated with writing logs to FortiADC’s own hard disks. See “Logging to a FortiAnalyzer or Syslog server”.
If you do not need a traffic log, disable it to reduce the use of system resources. See “Enabling traffic & event logs”.
Reduce repetitive log messages. Use the alert email settings to define the interval that emails are sent if the same condition persists following the initial occurrence. See “Log severity levels”.
Avoid recording log messages using low severity thresholds, such as information or notification, to the local hard disk for an extended period of time. Excessive logging frequency saps system resources and can cause undue wear on the hard disk and may cause premature failure. See “Logging to a FortiAnalyzer or Syslog server”.
Report performance
Generating reports can be resource intensive. To avoid performance impacts, consider scheduling report generation during times with low traffic volume, such as at night and on weekends. See “Scheduling reports”.
Keep in mind that most reports are based upon log messages. All caveats regarding log performance also apply.
Packet capture performance
Packet capture can be useful for troubleshooting but can be resource intensive. (See “Packet capture”.) To minimize the performance impact on your FortiADC appliance, use packet capture only during periods of minimal traffic. Use a local console CLI connection rather than a Telnet or SSH CLI connection, and be sure to stop the command when you are finished.