Technical Tip: Running local iPerf3 client to test bandwidth against FortiOS v7.4.8+

This article describes that in FortiOS v7.4.2, an authorization check was introduced for iPerf clients, due to the utilization of the speedtest-server feature for ADVPN (Speed tests run from the hub to the spokes in dial-up IPsec tunnels). Thanks to that, it is no longer possible to test bandwidth between FortiGates as the speed-test check until FortiOS 7.4.8. Since FortiOS v7.4.8+, it is possible to run an iperf server locally, and a regular iPerf client can be used as well.

In FortiOS versions older than v7.4.8, the following error is returned when trying to run the iperf server:

fgtiperfserver_olderversion# diagnose traffictest run -s
iperf3: parameter error - cannot be both server and client

In FortiOS versions older than v7.4.2, the only possibility to run an iPerf server is by configuring and running the commands below:

config system global   
   set speedtest-server enable
end

config system interface
    edit "port1"   
        set allowaccess ping https ssh http speed-test
    next

end

And then run the following on a client FortiGate:

diagnose traffictest run -c <FortiGate server IP>

Or use an iPerf3 client:

iperf3 -c <FortiGate server IP>