robinct
New Member
January 10, 2018
Question

IPSEC throughput limited?


We are having some throughput problems between two Fortinet devices.

 

We have a 100D connected to a 60E over an IPSEC tunnel. The traffic seems to stagger around ~200Mbps even though we have a direct Gbps fiber connection.

 

Somewhere, it feels like a limitation of sorts. Any setting that could give this behaviour, or could it be that the 100D is simply too old for these speeds?

    2 replies

    heisenberg
    New Member
    January 10, 2018

    VPN implies an overhead over the "pure" speed of a link. It is normal that a device cannot do full link speed over a VPN channel.

    To do a full-speed VPN connection you need a specific processor/device (more expensive than a 100D).

     

    Hope this helps.

     

    P.S. You can see your VPN limit in the Forti 100D docs. (Consider also the other traffic that passes through the WAN you are using... the "tube" is the same and it is shared.)

    heisenberg
    New Member
    January 10, 2018

    For example, a 110C has a 100Mbit limitation over VPN.

    A 100D is granted for 300Mbit over IPsec VPN, but you have to consider the slowest link, in this case the 60E, which is granted for 150Mbit. You are lucky because you are slightly over performance.

     

    My best

     

    oheigl
    New Member
    January 10, 2018

    I'm not sure where you got those values, but in the datasheet these are listed:

    FortiGate 60E: IPsec VPN Throughput (512 byte) - 2 Gbps

    FortiGate 100D: IPsec VPN Throughput (512 byte) - 380 Mbps

    heisenberg
    New Member
    January 10, 2018

    Sorry, you are absolutely right, I was reading the SSL VPN, not the IPsec. (This can explain the slightly higher throughput over 150Mbps that I wrote.)

    Anyway, you should go up to 380 because of the 100D... up to... as you use AES256-SHA256 and other conditions over the firewall. Maybe 200Mbps does not seem lightning fast, but perhaps you should consider the load on the device or, for example, the geographic (routing) distance.