Skip to main content
yz426onnos
yz426onnos
New Member
December 16, 2021
Question

Fortigate 50E not passing more than 223 MBPS on WAN port

  • December 16, 2021
  • 4 replies
  • 3790 views

Having trouble here, we have a gig internet connection, I am pushing 300 MBPS from our remote sites back to our office and seems the bottle neck is the FG. I have ensured threat detection, application control, IPS, and logging are disabled. However I cannot get this to download more than 220-226 MBPS. I have confirmed with gig switch direct from ISP that I am getting over 900 MPBS and passing traffic fine. 

 

Any ideas what could possible be a miss? 

4 replies

Markus_M
Staff & Editor
Markus_M
Staff & Editor
December 16, 2021

You might want to check during the traffic test whether the FGT is on a high CPU load.

Also see what kind of traffic this is. If this is traffic decrypted at the FGT as a deep inspected VIP (SSL inspection = protect server) or an IPSec endpoint, this will cause considerable overhead.

 

You can test from the FGT directly with the traffictest command.

This one is described here:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-perform-bandwidth-tests/ta-p/197784?externalID=FD45599

 

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
December 16, 2021

Not sure how much UTM stuff or how many VPNs this 50E is handling. But I'm generally not comfortable putting a full Gig circuit on a 50E, which doesn't have any ASIC chips.

 

Toshi

yz426onnos
yz426onnosAuthor
New Member
December 17, 2021

So the 50E is running at 16% CPU and is not handling any VPN traffic. All VPN traffic is forwarded to an internal OpenVPN server. 

yz426onnos
yz426onnosAuthor
New Member
December 17, 2021

bandwidth.png

This is from the provider showing bandwidth. This is a gig connect from them and we cannot get this to go any higher. I know for a fact that we are pushing 300 MBPS to this site. 

Terms & ConditionsAccessibility statement