Improving performance

When you configure your FortiWeb appliance and its features, there are many settings and practices that can yield better performance.

System performance

Antivirus performance

Regular expression performance tips



Short regular expressions can sometimes be more complex to compute. Don’t look at the number of characters in the regular expression. Instead, think of both the usual and worst possible case in the match string: the maximum number of characters that must be compared to the pattern before a match can be verified or not.

The usual case will tell you the average CPU and RAM load. The worst case will tell you if your regular expression could sometimes cause potential hang-like conditions, temporarily blocking traffic throughput until it finishes evaluating.


If the worst possible match string is short and not complex to match, the regular expression may not be worth your time to optimize.

For example, when using auto-learning to discover if street addresses are a valid input, scanning for postal codes or state abbreviations instead may dramatically improve performance. A pattern to fully match all possible street addresses is significantly more complex, involving many more computations, and the most difficult addresses to verify might be complex enough to impact traffic throughput.

If missed matches are an acceptable performance trade-off (for example, if matching 99% of cases is efficient, but matching 100% of cases would require deep recursion), or if you do not need to match the whole text, remove the unnecessary part of the regular expression.

For example, if a phone number always resembles 555-5555, your regular expression would not have to accommodate cases where a space separates the numbers, or it is prefixed by a country code. This is less comprehensive, but also less CPU-intensive.

Logging performance

Log&Report > Log Policy > Email Policy

Report performance

Generating reports can be resource intensive. To avoid performance impacts, consider scheduling report generation during times with low traffic volume, such as at night and on weekends. See the illustration Log&Report > Report > Report Config and Scheduling reports.

Log&Report > Report > Report Config

Keep in mind that most reports are based upon log messages. All caveats regarding log performance also apply.

Auto-learning performance

Auto Learn > Predefined Pattern > Data Type Group

Auto Learn > Predefined Pattern > Suspicious URL

Disabling unnecessary server information disclosure signatures in Web Protection > Known Attacks > Signatures > Signature Details

The Information Disclosure feature can potentially require the FortiWeb appliance to rewrite the header of every request from a server, resulting in reduced performance. Fortinet recommends enabling this feature only to help you identify information disclosure through logging, and until you can reconfigure the server to omit such sensitive information.

Omitting large files from the backup in Web Protection > Web Anti-Defacement > Web Site with Anti-Defacement

Unless you need to back up large files, reduce the setting for the Skip Files Larger Than option from the default of 10 240 KB.

Use the Skip Files With These Extensions option to exclude specific types of large files, such as compressed files and video clips.

Vulnerability scan performance

Vulnerability scan performance depends on the speed and reliability of your network. It also can be impacted by your configuration. See Delay Between Each Request.

Packet capture performance

Packet capture can be useful for troubleshooting but can be resource intensive. (See Packet capture.) To minimize the performance impact on your FortiWeb appliance, use packet capture only during periods of minimal traffic. Use a local console CLI connection rather than a Telnet or SSH CLI connection, and be sure to stop the command when you are finished.

TCP transmission performance tuning

FortiWeb allows you to tune TCP transmission performance by adjusting the buffer parameter of TCP connections through the CLI over high-bandwidth, high-latency networks. Large-size file transmissions (usually larger than 150MB) or serious traffic congestion between FortiWeb and backend servers is a common situation that might cause clients to experience poor TCP performance.

The tcp-buffer option in system network-option defines the TCP_mem variable to indicate to FortiWeb how the TCP stack should behave regarding memory usage. It consists of three values (the values are measured in memory pages):

Setting the tcp-buffer option as default, high, or max from the CLI specifies the three values to FortiWeb as following:

while tcp-buffer=default, (low, pressure, high) = (16384, 32768, 65536)

while tcp-buffer=high, (low, pressure, high) = (16384, 87380, 629145)

while tcp-buffer=max, (low, pressure, high) = (16384, 174760, 1258290)

Note that although the tcp-buffer option can provide an increase in throughput on high bandwidth networks, it decreases the number of concurrent TCP connections established on FortiWeb.


config system network-option

set tcp-buffer high