Skip to main content
CreatingRoutes
CreatingRoutes
New Member
August 16, 2021
Question

Fortigate 60E Forwarding capacity, SG550 LACP to Fortigate 60E Issue

  • August 16, 2021
  • 2 replies
  • 3059 views

Hi guys, I've been struggling with this issue for months and figured I'd ask for help here. Fortigate 60Es are rated as 3/3/3 Gbps on their spec sheet: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_FortiWiFi_60E_Series.pdf - Does that mean that they can forward 3 Gbps from vlan to vlan? Also, does that work with Link Aggregation?

 

I can't seem to get my LACP/Link Aggregation to work properly with an SG550, or at least I think. I've attached a network diagram.

 

I've configured two ports as LACP in SG550 and connected them to the 60E, using IP/MAC Address Load Balance Algorithm.

[ul]
  • I've configured an 802.3ad Aggregate on the 60E and created vlans under the Aggregate interface.
  • Static routes on both devices for vlans are pointed at each other.
  • It seems like the network speed is sharing 1 Gbps when I Iperf from two devices on vlans 5 and 6 to two other devices on vlans 1 and 3.[/ul]

     

    My Tests

    [ul]
  • Vlan 1 Device (Firewall Interfaced) - 192.168.10.1
  • Vlan 2 Device (Firewall Interfaced) - 192.168.20.1
  •  Vlan 5 Device (Switch Interfaced) - 192.168.50.1
  •  Vlan 6 Device (Switch Interfaced) - 192.168.60.1[/ul]

    1. 192.168.50.1 Iperf to 192.168.10.1 2. 192.168.60.1 Iperf to 192.168.20.1 Iperf 1 gets 750 Mbps while Iperf 2 will get 95 Mbps while both are happening concurrently.

    Any help is appreciated, thanks everyone.

      • 2 replies

      amrit
      Staff & Editor
      amrit
      Staff & Editor
      June 30, 2024

      As per the spec sheet following are the interface and speed details

      Interfaces
      1. 1 x USB Port
      2. 1 x Console Port
      3. 2 x GE RJ45 WAN Ports - Two 1 Gig ports
      4. 1 x GE RJ45 DMZ Port --  One Port -- 1 Gig
      5. 2 x GE RJ45 FortiLink Ports- Two RJ45 --1 Gig each
      6. 5 x GE RJ45 Internal Ports -- port1 to port 5 --- five ports ---1 Gig each 

       

      Where do you see 3 gig ports in the spec sheet?

      The port speed is shared among the VLANs. 

        jintrah_FTNT
        Staff
        jintrah_FTNT
        Staff
        July 1, 2024

        Hi,

         

        The 60E firewalls overall max throughput is 3Gbps, this would be achieved using multiple interfaces. On the aggregate, the LB algorithm could chose one of the lacp interface member for distribution anytime for 1 session. So it appears the LB algo chose the same member for distribution for both these sessions, and utilising the 1Gig BW available from a member. For even distribution, you may want to test by changing the IP address of hosts so that hash changes and chose a different lacp member for different sessions.

         

        Best regards,

        Jin

          Terms & ConditionsAccessibility statement