Lag in traffic between LAN1 and LAN2

Forum|Forum|4 years ago
August 25, 2021
1 reply
2961 views

We have two LANs, one for the computers/printers/etc, and one that just contains our spamfilter and mail server. We have two policies allowing traffic between the LANs on the required ports. NAT is enabled on both. When users go to check their email from LAN1, theres a 3 to 5 second delay before their client connects to the mail server on LAN2. This is a new Fortigate 100F that replaced an old firewall with a similar setup where they didn't have this issue. Any input on potential causes would be appreciated.

6.2

emnoc

New Member

Did you check;

1: pcap from the client or server or both

2: is dns servers(s) and the order of the dns-server services are 100% operational

3: did you run "diag debug flow"

4: And humor me on why do you have NAT enable on lan to lan traffic

If you get a pcap and assuming this is TCP the total delay is really the SYN and the SYN-ACK reply and I highly doubt the fortigate is causing a 3-5 second delay. I 'm betting your DNS server is slow or faulty or something DNS related.

Ken Felix

jcutrufelloAuthor

New Member

1: I'll have to talk to the the on-site tech do pcap. I don't have outside access to their computers/servers

2: We have 2 DNS configured. Their DC is 1 and a public DNS is 2

3: No. Fortinet support had us run diagnose netlink interface list name on the ports for LAN1 and LAN2

4: NAT was enabled by the default when we set the policies and Fortinet support didn't say to turn it off even after being told it was still enabled

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded