Chapter 4 Authentication : Agent-based FSSO : Troubleshooting FSSO : FortiGate performance is slow on a large network with many users
FortiGate performance is slow on a large network with many users
FSSO sends information about Windows user logons to FortiGate units. If there are many users on your Windows AD domains, the large amount of information might affect the performance of the FortiGate units. Logon tracking is logged to memory, and may reduce performance in extreme situations.
To avoid this problem, you can configure the Collector agent to send logon information only for groups named in the FortiGate unit’s security policies. Also you can configure the Ignore User list on the FortiGate unit to avoid tracking unnecessary logons.
Also logging to memory can consume large amounts of FortiGate system memory. To lessen the memory used, change the logging from the default level of Information to a less frequent level such as Error or Warning. This results in less information being logged and frees system memory to improve overall FortiGate system performance. However, if you are trying to troubleshoot a problem one of the first things to do is to change the logging severity to Information or possibly even Debug to provide you with additional information while solving your problem.