v4.38 / Memory Warning / AV Cloud Query Bypass ???

USG_User

Since we've updated our USG110 from v4.35 to v4.38 on yesterday morning, we've received two Alert Log Warnings for two times:

System remaining 94 MB memory, AV Cloud Query bypass is on

... and 5 min later another warning message:

System remaining 233 MB memory, AV Cloud Query bypass is off

And as said above, this night we got both messages from USG again. What does it mean? Could anybody explain this new 4.38 behaviour? Is our USG running out of memory every day?

Zyxel_Charlie

@USG_User
It’s kind of tradeoff considering to the affordability of the hardware capability. 
On Express mode, there are six files types will be checked in "Applied files table" by default configuration. If there is not any file types from the "Applied files table", the device will not send the files to cloud for investigating.
Also, the default files which are the most popular attachment types, but for the exactly applied files on the table, it bases on what application or environment users will be applied.

Zyxel_Charlie

@USG_User
System messages: "System remaining x MB memory, AV Cloud Query bypass is on" means that the memory protection mechanism has been triggered by the decreasing resources, which temporarily disables AV Cloud Query (but it will still be verified by local engine)

USG_User

Thanks Charlie. But why this appeared the first time after installing the v4.38? We never experienced any memory issues before. That's why we're a little bit confused. Does v4.38 consumes more memory? Could it lead to temporarily disabled UTM services?

From my point of view our system resources are ok.

USG_User

This morning, right before official office hours began (means less traffic for USG), we received the alert message again:

1  System remaining 46 MB memory, UTM features bypass is on
2  System remaining 46 MB memory, AV Cloud Query bypass is on

And 5 min later:

1  System remaining 209 MB memory, UTM features bypass is off
2  System remaining 209 MB memory, AV Cloud Query bypass is off

Why the USG consumes so much resources since v4.38? Or is this kind of "memory management" a normal behaviour since ever and only sending an alert message is new in v4.38? In any case we are concerned about temporarily bypassing of UTM features at a firewall.

Does nobody else experience these memory alerts?

Zyxel_Charlie

@USG_User
Regarding to this case,
When the memory is kept on some usage, the UTM feature’s bypass will be turned on, until memory released. However,  it will still be verified by local engine. The message appeared does not the issue, just let users understand device's current status.

WMelonMan

I have this with one customer's USG 60. After updating to 4.38 a few days ago they receive these memory alerts each night (like 01:36 "System remaining 77 MB memory, AV Cloud Query bypass is on"  and  01:41 "System remaining 257 MB memory, AV Cloud Query bypass is off"). It is always 5 minutes long and starting either 01:36 or 02:36.
But what I would like to know: what is going on each night to drive memory consumption up - when there is much less traffic than during day time??? Maybe there is something wrong??

Zyxel_Charlie

@WMelonMan
It could be background daemon progress on non-peak time.
Also, the memory consumption accumulative reach the threshold of AV cloud query around midnight, therefore the action will be on. The action actually will keep for 5 mins to release memory. 

WMelonMan

@Zyxel_Charlie OK, thanks. Anyway it seems since I changed AV screening from "Streaming" mode to the new "Express" that this memory thing is not happening anymore.

USG_User

Is there an explanation about the new Express Mode available? The Help functionality within the USG which is calling a website is not yet updated.

WMelonMan

Yeah, I' d like to have some details on Express Mode, too! Didn't find anything online!

Zyxel_Charlie

@USG_User &@WMelonMan

On USG Series, the Help description is just not updated yet and we will update the content soon