Skip to main content
Ralph1973
Ralph1973
New Member
January 11, 2017
Question

poor vpn performance

  • January 11, 2017
  • 2 replies
  • 12452 views

Hello, I have been struggling for some time now to fix an issue with a customer who has 3 FGT 90D's on 3 different sites, with full mesh vpn between the sites. Also there is an ipsec tunnel to Azure configured on each Fortigate.

Problem is that traffic over vpn tunnels goes very slow. What I have checked until now:

- ipsec traffic cannot be offloaded to a dedicated asic (90D only has a SOC processor)

- UTM filtering is only configured for outbound traffic, not for incoming tunnel traffic (to prevent packets are inspected twice)

- cpu and memory load is normal

- mtu of wan interface is 1492 (so not default 1500) and mtu of ipsec tunnels is 1422 bytes

- monitoring wan interface on dashboard doesn't show a wan interface that is fully consumed.

- AES encryption is used on tunnels (less resource intensive than 3DES)

 

Anyone has any suggestion?

Thank you and regards,

Ralph Willemsen

Arnhem, Netherlands

2 replies

Paul_S
Paul_S
New Member
May 5, 2017

Did you ever get a solution?

Smartypants
Smartypants
New Member
May 31, 2017

I have what I believe to be the same problem.

an HA pair of 900D's connecting to a Fortigate VM firewall at a remote data center using a tested 500MBPS circuit and only getting 30-50 MBPS. We tried different phase1 and phase2 settings nothing helps.

 

Terms & ConditionsAccessibility statement