When the FortiGate enters Conserve Mode due to high memory pressure (specifically reaching the Extreme Threshold at 95% memory usage, or the Red Threshold for proxy traffic), the system prioritizes stability and the prevention of a system crash (kernel panic).
D. FortiGate begins dropping all new sessions to protect resources:
In Extreme Conserve Mode (95%), the FortiGate kernel acts to preserve the remaining memory for system-critical tasks (like admin access and basic packet forwarding of existing sessions). To achieve this, it drops all new session initiation requests regardless of the inspection type.
In Red Conserve Mode (88%), it specifically drops new sessions that require proxy-based inspection (as these consume the most memory), while often still allowing flow-based traffic.
Among the provided choices, "dropping new sessions" is the only standard protective mechanism FortiOS employs to stop memory usage from climbing further.
Why other options are incorrect:
A: FortiGate does not automatically reboot in conserve mode; it attempts to recover by restricting traffic. (A reboot is a last-resort crash, not a configured action.)
B: Inspection modes (Proxy vs. Flow) are defined in firewall policies and cannot be dynamically switched by the system during runtime.
C: The system does not arbitrarily stop "non-essential processes" like logging or AV. Logging is critical for audit trails. While av-failopen can be configured to bypass scanning, the system typically defaults to "Fail-Close" (dropping traffic) rather than stopping the engines themselves.
Reference: FortiGate Security 7.6 Study Guide (Diagnostics & Resource Usage): "When memory usage reaches the extreme threshold (95%), all new sessions are dropped to prevent memory exhaustion."