Silver
New Member
February 13, 2015
Question

After installing Fortinet firewall on network, noticed performance is slow


Dear All,

We noticed that after installing the Fortinet firewall, the network performance became slow.

Can anyone tell me why, what the problem could be, and what needs to be done on the firewall to resolve it?

For example, if someone is doing RDP, it is taking more time after the Fortinet was installed, and other services also.

Thanks

    7 replies

    patrick_z
    New Member
    February 13, 2015

    Hi,

    First of all I would look at the interface speed - set it to fixed values instead of auto,

    i.e. 1000 Mbit full duplex.

    What model do you have? Is it just between LAN-LAN or LAN-WAN etc.?

    Disable the IPS/Antivirus/etc. for testing. If this is the cause you can set them to flow instead of proxy.

    A little bit more info would be good ;)

    Cheers, Patrick

    Silver
    Author
    New Member
    February 13, 2015

    Hi Patrick,

    Thank you for your reply. Model 1000D, only LAN to LAN; inter-VLAN routing is performed on the firewall for all the internal VLANs.

    Silver
    Author
    New Member
    February 13, 2015

    Please note that for now no UTM features are applied.

    patrick_z
    New Member
    February 13, 2015

    Hi Silver,

    That is at least strange. Check the port settings - look at the switch end as well for errors.

    I assume that you are using multiple interfaces to route the VLANs and not only 1 ;)

    Is the low speed more a latency or more a throughput issue? What do you think?

    Cheers, Patrick

    Silver
    Author
    New Member
    February 13, 2015

    Hi,

    I think the low speed is more a latency issue, and just to add, I am using an aggregate link from the Fortinet to my core switch.

    patrick_z
    New Member
    February 13, 2015

    Hmmm well,

    so you are using 2 or 4 ports for the "trunk".

    Anything shown on the switch? Have you double-checked that LACP (EtherChannel) is on the right ports? Can you test the speed with a single (normal) connection?

    I have sometimes had it that LACP between two different vendors is not doing what the spec says it should do (i.e. Cisco <-> HP).

    I'm running out of ideas - you need to dig into this via Wireshark and see what really happens there ...

    Cheers, Patrick

    ashukla_FTNT
    Staff
    February 14, 2015

    Slowness in RDP is a typical symptom of an MTU issue.

    Check the path MTU and set the MSS in the policy accordingly.

    http://www.letmecheck.it/mtu-test.php

    Silver
    Author
    New Member
    February 14, 2015

    Can I set the MSS on the virtual VLAN interface instead of on the policy, as we have several policies in this direction?

    ede_pfau
    SuperUser
    February 15, 2015

    VLAN ports inherit the MTU of their physical port. You can set the MTU there.
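
The check suggested in the replies above (find the path MTU, then derive the MSS from it), as an added example that is not part of the original thread. It assumes IPv4 and the Linux iputils `ping` options `-M do`, `-s`, `-c` and `-W`; the function names are made up for illustration.

```python
import subprocess
import sys

IP_HEADER = 20    # IPv4 header without options
ICMP_HEADER = 8   # ICMP echo header
TCP_HEADER = 20   # TCP header without options


def ping_df(host, payload):
    """Send one echo request with Don't Fragment set (Linux iputils ping).
    A lost packet looks the same as 'too big', so run on a quiet path."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "1", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def path_mtu(host, probe=ping_df, low=576, high=1500):
    """Binary-search the largest IPv4 packet that crosses the path unfragmented.
    Returns None if even `low` fails (host down or ICMP echo filtered)."""
    overhead = IP_HEADER + ICMP_HEADER
    if not probe(host, low - overhead):
        return None
    while low < high:
        mid = (low + high + 1) // 2      # round up so the loop always shrinks
        if probe(host, mid - overhead):
            low = mid                    # mid fits: the answer is >= mid
        else:
            high = mid - 1               # mid is too big: the answer is < mid
    return low


def tcp_mss(mtu):
    """Largest TCP payload per segment for a given IPv4 path MTU."""
    return mtu - IP_HEADER - TCP_HEADER


if __name__ == "__main__":
    target = sys.argv[1]                 # host on the far side of the firewall
    mtu = path_mtu(target)
    if mtu is None:
        print("no reply even at the minimum size; check reachability first")
    else:
        print(f"path MTU {mtu}, TCP MSS {tcp_mss(mtu)}")
```

A result below 1500 between two internal VLANs points at an interface or switch port in the path with a smaller MTU than the hosts expect.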