NP6: UDP throughput limitation?
Hello,
we're experiencing lower download throughput when putting a wireguard vpn server behind a Fortigate 500E cluster:
- [Wireguard client]-----[Internet/30ms]--------[Wireguard server]-----[FortiGate]------[SMB server] => ~ 42 MB/s
- [Internet/30ms]--------[Wireguard client]-----[Wireguard server]-----[FortiGate]------[SMB server] => ~ 42 MB/s
- [Wireguard client]-----[Internet/30ms]-------[Wireguard server]-----[SMB server]----[FortiGate] => ~ 42 MB/s
- [Internet/30ms]--------[Wireguard client]-----[Wireguard server]-----[SMB server]----[FortiGate] => ~ 42 MB/s
- [Wireguard client]-----[Internet/30ms]--------[FortiGate]------[Wireguard server]-----[SMB server] => ~ 10 MB/s
- [Internet/30ms]--------[Wireguard client]-----[FortiGate]-------[Wireguard server]-----[SMB server] => ~ 10 MB/s
- Setup:
Fortinet 500E cluster (active/passive)
FortiOS 7.4.7
Wireguard with UDP
client downloads 20GB file from SMB server
all servers with public IP, no NAT
- policy flow based
config firewall policy
edit 1
set name "wireguard"
set srcintf "WAN"
set dstintf "x2"
set action accept
set srcaddr "all"
set dstaddr "wireguard-server"
set schedule "always"
set service "udp-51820" "icmp_all"
set profile-protocol-options "NoProxy"
set ssl-ssh-profile "no-inspection"
set logtraffic disable
set auto-asic-offload disable
set np-acceleration disable
next
end
- As you can see we already disabled "auto-asic-offload" and "np-acceleration". When enabling those, download reaches a maximum of 6 MB/s.
- No traffic shapers activated.
- set ssl-ssh-profile "no-inspection" so nothing gets checked
As traffic always passes the NP6 I am asking myself whether there is a kind of limitation regarding UDP traffic?
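A check that separates "WireGuard is slow" from "UDP through this path is slow": run iperf3 once over UDP and once over TCP between the same two hosts on either side of the FortiGate, then compare goodput and loss. The script below is an added example, not part of the post or of Fortinet's or iperf3's own code; the server address and TCP port are hypothetical placeholders, the UDP port 51820 is the one the posted policy permits, and the two sample reports are constructed to mirror the post's figures (10 MB/s vs 42 MB/s) so the parsing and verdict logic can be run offline.

```python
"""Compare UDP and TCP goodput across the same FortiGate path with iperf3.

Added example (not from the forum post). Assumes an iperf3 server reachable
behind the FortiGate on the same policy/port the WireGuard server uses.
"""
import json
import subprocess
from dataclasses import dataclass

IPERF_SERVER = "192.0.2.10"   # hypothetical iperf3 server behind the FortiGate
UDP_PORT = 51820              # UDP port allowed by the posted firewall policy
TCP_PORT = 5201               # hypothetical TCP port for the baseline run


@dataclass
class Result:
    proto: str
    mbytes_per_s: float       # goodput in megabytes (10^6 bytes) per second
    lost_percent: float       # UDP datagram loss; 0.0 for TCP


def parse_iperf3(report: dict) -> Result:
    """Extract goodput from a client-side `iperf3 --json` report.

    UDP reports carry loss statistics under end.sum; TCP reports carry
    end.sum_sent / end.sum_received, of which the receiver side is goodput.
    """
    end = report["end"]
    if "sum" in end and "lost_percent" in end["sum"]:
        s = end["sum"]
        return Result("udp", s["bits_per_second"] / 8 / 1_000_000, float(s["lost_percent"]))
    s = end["sum_received"]
    return Result("tcp", s["bits_per_second"] / 8 / 1_000_000, 0.0)


def run_iperf3(proto: str, target_mbits: int = 800, seconds: int = 20) -> Result:
    """Run one iperf3 client test and parse its JSON output (needs iperf3 installed)."""
    cmd = ["iperf3", "-c", IPERF_SERVER, "-J", "-t", str(seconds)]
    if proto == "udp":
        # -b caps the UDP send rate; raise it in steps to find where loss starts.
        # -l 1400 keeps datagrams below a typical 1500-byte MTU, like WireGuard does.
        cmd += ["-u", "-p", str(UDP_PORT), "-b", f"{target_mbits}M", "-l", "1400"]
    else:
        cmd += ["-p", str(TCP_PORT)]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return parse_iperf3(json.loads(out))


def verdict(udp: Result, tcp: Result, ratio: float = 0.5) -> str:
    """Flag the path as UDP-limited when UDP loses packets or lands far below TCP.

    If plain UDP already shows the same ceiling as the WireGuard download,
    the tunnel itself is not the bottleneck; look at how UDP is forwarded.
    """
    if udp.lost_percent > 1.0 or udp.mbytes_per_s < ratio * tcp.mbytes_per_s:
        return "udp-limited"
    return "path-ok"


# Constructed sample reports (not real captures), shaped like iperf3 --json output
# and scaled to the post's numbers: 80 Mbit/s = 10 MB/s, 336 Mbit/s = 42 MB/s.
SAMPLE_UDP = {"end": {"sum": {"bits_per_second": 80_000_000.0, "jitter_ms": 0.3,
                              "packets": 100, "lost_packets": 12, "lost_percent": 12.5}}}
SAMPLE_TCP = {"end": {"sum_sent": {"bits_per_second": 340_000_000.0},
                      "sum_received": {"bits_per_second": 336_000_000.0}}}


def demo() -> str:
    """Evaluate the constructed samples; returns 'udp-limited' for them."""
    return verdict(parse_iperf3(SAMPLE_UDP), parse_iperf3(SAMPLE_TCP))


if __name__ == "__main__":
    print("constructed samples:", demo())
    # Live runs against the hypothetical server; uncomment where iperf3 is available.
    # print(verdict(run_iperf3("udp"), run_iperf3("tcp")))
```

Run it once with the WireGuard server bypassed (client and iperf3 server on opposite sides of the FortiGate) and once with the FortiGate bypassed; a UDP ceiling that only appears in the first run, with the policy's offload settings toggled, narrows the question to how that policy forwards UDP.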

