Hardware for a 200 Mbps ipsec tunnel

I would suggest using a program such as iperf which is basically a bandwidth capacity tool. There isn't much overhead as there may be with FTP. Also, try futzing with the encryption and compression on both sides. That may help as well. Thirdly, force your external ports to the speed your ISP is providing, if you haven't done that already.

My two cents

Hi:

Just want to update this post.

I have conducted some tests on the mentioned scenario, i can confirm that FG100D can forward 200 mbps ipsec tunnel without problems, the test was conducted on a live working environment, here is the main data

Internet links: 200 mbps simetric on both sides, on the same city

Firewalls:   FG100D

IPSEC: 3DES-SHA1 DH2 for phase1 and phase2

Software used:   iperf3

CPU on Diag Sys Top during test: 0U, 0N, 16S, 84I;

iperf3 results:

[ ID] Interval           Transfer     Bandwidth [  4]   0.00-1.01   sec  22.1 MBytes   183 Mbits/sec [  4]   1.01-2.01   sec  23.4 MBytes   196 Mbits/sec [  4]   2.01-3.01   sec  19.8 MBytes   166 Mbits/sec [  4]   3.01-4.01   sec  22.1 MBytes   186 Mbits/sec [  4]   4.01-5.01   sec  21.2 MBytes   179 Mbits/sec [  4]   5.01-6.01   sec  21.8 MBytes   183 Mbits/sec [  4]   6.01-7.00   sec  23.1 MBytes   194 Mbits/sec [  4]   7.00-8.00   sec  21.1 MBytes   177 Mbits/sec [  4]   8.00-9.00   sec  20.1 MBytes   169 Mbits/sec [  4]   9.00-10.02  sec  19.0 MBytes   157 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval           Transfer     Bandwidth [  4]   0.00-10.02  sec   214 MBytes   179 Mbits/sec                  sender [  4]   0.00-10.02  sec   214 MBytes   179 Mbits/sec                  receiver iperf Done.

So we can conclude that this harwdare is enough, of course mileage may vary with the application, but that´s another story, thanks for the help and ideas!