Freeing up memory for high memory consuming functions

Post by Peter » 07 Oct 2008, 17:35

This FAQ applies to:
  • Clavister CorePlus™ 9.X and 8.x
I'm using Core Version 9.X (or 8.X) and I run into a problem when I use a lot of IDP signatures. Not all desired signatures can be used, as my unit seems to lack the required memory. Can I somehow free up memory in order to try to use them?

Yes, it's possible to limit some of the basic functions that allocate memory by default. The most common ones that take up a lot of memory are connections and IPsec tunnels.

Let's say your license supports 128 000 connections and 500 IPsec tunnels. You conclude that you will never need more than 32 000 connections and, say, 50 tunnels. By default the SGW looks at the license and allocates memory for whatever the license may hold. These settings can be overridden and a manual value typed in.
  • CorePlus 8.X
    For Connections the option is under "Advanced Settings->State->MaxConnections".
    For Ipsec the option is under "Advanced Settings->Ipsec->IpsecMaxTunnels".
  • CorePlus 9.X
    For Connections the option is under "Advanced Settings->State Settings->Max Connections".
    For Ipsec the option is under "Interfaces->Ipsec->Advanced Settings->Ipsec Max Tunnels".
Note: This is just an example; there are other functions that might also require lots of memory.
Note #2: Saving memory by restricting the number of IPsec tunnels is only possible in versions 8.50 and older. This is due to a change in how memory is allocated. Versions 8.60 and up allocate all the memory needed as soon as you configure an IPsec tunnel. It does not matter if it's one or 100; the memory allocation will be the same, based on the license limit.

Important note: IPsec memory is allocated at startup, so even if you Save and Activate these changes, they will not take effect until the unit has been restarted/rebooted.