Tutek
New Member
March 12, 2025
Question

How to troubleshoot bandwidth spikes


Hi,

I am facing a problem where the SSL VPN link to the remote FortiGate device becomes saturated at similar time intervals (about every 15 minutes).

The saturated outbound traffic reaches 70 Mbit/sec:

 

[Image: Clipboard01.jpg]

When I go to FortiView Destinations with the destination network of the remote FortiGate, I see that the traffic to this destination is partial, about KB/s:

 

[Image: Clipboard02.jpg]

 

How can I diagnose this? When these spikes occur, the performance of this link drops severely: ping responses increase from 10ms to about 300ms, and users on the remote side of the FortiGate cannot work normally.

FortiOS is 7.2.11 

 

Greetings

2 replies

AEK
SuperUser
March 12, 2025

In your case, you may check the traffic logs by filtering on your SSL VPN tunnel as source interface (not as destination interface), and try to check which sessions have the highest sent bytes (not received bytes) at those times. It should help you find what is causing these spikes.

AEK
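The filtering described in the reply above, as an added example that is not part of the original thread: it ranks sessions that entered via the tunnel interface by sent bytes inside one spike window. The log lines are constructed in FortiOS key=value style, the interface name `ssl.root` and all addresses are assumptions, and `sentbyte` is assumed to be cumulative per session.

```python
import re
from datetime import datetime

# Constructed sample in FortiOS key=value traffic-log style (not from the thread).
# The interface name "ssl.root" and all addresses are assumptions.
SAMPLE_LOG = """\
date=2025-03-12 time=10:14:58 srcip=10.8.0.5 dstip=10.1.1.20 srcintf="ssl.root" dstintf="port2" sessionid=1001 sentbyte=1200 rcvdbyte=900
date=2025-03-12 time=10:15:10 srcip=10.8.0.5 dstip=10.1.1.20 srcintf="ssl.root" dstintf="port2" sessionid=1002 sentbyte=52000000 rcvdbyte=31000
date=2025-03-12 time=10:15:20 srcip=10.1.1.20 dstip=10.8.0.9 srcintf="port2" dstintf="ssl.root" sessionid=1004 sentbyte=999999999 rcvdbyte=10
date=2025-03-12 time=10:15:30 srcip=10.8.0.6 srcintf="ssl.root" sentbyte=abc
date=2025-03-12 time=10:15:40 srcip=10.8.0.7 dstip=10.1.1.30 srcintf="ssl.root" dstintf="port2" sessionid=1003 sentbyte=48000 rcvdbyte=2000
date=2025-03-12 time=10:15:50 srcip=10.8.0.5 dstip=10.1.1.20 srcintf="ssl.root" dstintf="port2" sessionid=1002 sentbyte=60000000 rcvdbyte=35000
"""

KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')
TS_FMT = "%Y-%m-%d %H:%M:%S"

def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in KV.findall(line)}

def top_senders(log_text, srcintf, start, end, limit=5):
    """Rank sessions with source interface `srcintf` in [start, end) by sentbyte."""
    t0, t1 = datetime.strptime(start, TS_FMT), datetime.strptime(end, TS_FMT)
    best = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("srcintf") != srcintf:
            continue  # keep only sessions that entered via the tunnel
        try:
            ts = datetime.strptime(f'{rec["date"]} {rec["time"]}', TS_FMT)
            sent = int(rec["sentbyte"])
        except (KeyError, ValueError):
            continue  # skip malformed or truncated lines
        if t0 <= ts < t1:
            key = (rec.get("srcip"), rec.get("dstip"), rec.get("sessionid"))
            # Assumption: sentbyte is cumulative per session, so keep the
            # largest value seen instead of summing repeated log lines.
            best[key] = max(best.get(key, 0), sent)
    return sorted(best.items(), key=lambda kv: kv[1], reverse=True)[:limit]

if __name__ == "__main__":
    window = ("2025-03-12 10:15:00", "2025-03-12 10:16:00")
    for (src, dst, sid), sent in top_senders(SAMPLE_LOG, "ssl.root", *window):
        print(f"{src} -> {dst} session={sid} sentbyte={sent}")
```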
Tutek
Author
New Member
March 12, 2025

There is nothing in the traffic log, because these bandwidth spikes are caused by return traffic (traffic is initiated by remote FortiGate users who are connecting to the central FortiGate where the servers are located, then comes back). The return traffic does not need any IPv4 policies, and if there is no policy then there are no traffic logs.

If, on the central FortiGate, I set 'ssl-vpn-interface' (facing the remote FortiGate) as the source interface in the traffic logs, then I see traffic in the direction: remote fgt --> central fgt.

If I choose 'ssl-vpn-interface' as destination, then I see traffic in the direction: central fgt ---> remote fgt - but there are only "Implicit Deny" rules here (because, as I said, in this direction I have no IPv4 policies).