szuko
Explorer II
January 23, 2022
Solved

Outbound-Decryption


Hi there, I have a really big problem. I'm doing outbound SSL decryption with deep packet inspection on my FortiGate. I have a 10G connection, but when I use deep packet inspection my download speed is limited to 200kbs or something near that. My upload works just fine, and whenever I set the SSL profile to no inspection it gets fixed. I don't have any overhead on my device. What could the problem be? Thanks in advance.

Best answer by AlexC-FTNT

And what is your policy mode? Is it in proxy or flow?

Is it the same in both situations? (should be proxy-)

3 replies

AlexC-FTNT
Staff
January 25, 2022

It seems that you are using a SoC unit (low-end series/smaller units, up to 200 Series) that lacks the processing power or dedicated CPU (CP8/CP9) for SSL decryption. There might be limitations to the bandwidth used, so that the processor (that handles all the operations) does not reach top usage with only one connection.

szuko
Author
Explorer II
January 26, 2022

Hi there, I'm using a 200F, and I think it has a dedicated CPU for decryption.

AlexC-FTNT
Staff
January 26, 2022

In that case you probably need to check the traffic in a packet capture, looking for retransmissions, errors, etc. And if you still don't see any, then opening a support case may be the way to go.
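One way to quantify what such a capture shows, as an added example that is not part of the original thread: a simplified Python classifier over a constructed list of TCP data segments, counted per direction. The tuple layout, the `classify` and `retransmission_ratio` names, and the heuristic (an exact repeat of sequence number and length is a retransmission; sequence numbers do not wrap) are assumptions for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample: (time_s, src, dst, seq, payload_len), as it might be
# exported from a capture taken on the client side of the firewall.
SAMPLE = [
    (0.000, "server", "client", 1,    1000),
    (0.001, "server", "client", 1001, 1000),
    (0.002, "server", "client", 3001, 1000),  # 2001 skipped: gap opens
    (0.003, "server", "client", 2001, 1000),  # fills the gap: out of order
    (0.250, "server", "client", 3001, 1000),  # same bytes again: retransmission
    (0.251, "server", "client", 4001, 1000),
    (0.500, "server", "client", 4001, 1000),  # retransmission
    (0.010, "client", "server", 1,    200),   # upload direction, clean
]

def classify(segments):
    """Count new, out-of-order and retransmitted data segments per direction."""
    next_seq = {}              # highest sequence number expected next, per direction
    seen = defaultdict(set)    # (seq, len) pairs already captured, per direction
    stats = defaultdict(Counter)
    for _, src, dst, seq, length in sorted(segments):  # process in time order
        if length == 0:        # pure ACKs carry no data
            continue
        flow = (src, dst)
        if (seq, length) in seen[flow]:
            kind = "retransmission"    # identical bytes captured before
        elif seq < next_seq.get(flow, seq):
            kind = "out_of_order"      # first sighting, but behind newer data
        else:
            kind = "new"
        seen[flow].add((seq, length))
        next_seq[flow] = max(next_seq.get(flow, 0), seq + length)
        stats[flow][kind] += 1
    return stats

def retransmission_ratio(stats, flow):
    """Fraction of data segments in one direction that were retransmissions."""
    total = sum(stats[flow].values())
    return stats[flow]["retransmission"] / total if total else 0.0

if __name__ == "__main__":
    result = classify(SAMPLE)
    for flow, counts in result.items():
        print(flow, dict(counts), f"{retransmission_ratio(result, flow):.0%}")
```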

szuko
Author
Explorer II
January 27, 2022

Thank you for putting in the time and helping me. Actually, after the packet capture I have a lot of retransmissions, duplicated packets, and sometimes out-of-order packets, but mostly retransmissions, so is the slow speed because of that? What can I do in order to fix this? Thanks.

szuko
Author
Explorer II
January 26, 2022

Btw, my CPU process is under 5%.