Problem of bandwidth

Forum|Forum|13 years ago
April 17, 2013
2 replies
14076 views

Hi All, My Forti product is a FortiWifi 60C (v4.0,build0656,130211 (MR3 Patch 12)). Just one vdom (root). I have 2 software switchs : - switch_data from interna1 to internal5 ; - switch_wan from wan1 to wan2. On each interface : - internal1 : device in 1Gbps ; - internal2 and 3 : devices in 100Mbps ; - internal4 and 5 : free ; - wan1 : my ISP router in 1Gbps ; - wan2 : device in 1Gbps ; - dmz : not used ; - two Wifi interfaces : one secure and one in captive portal (5GHz band). All the firewall policies are UTM features enabled (AV, Application, Web Filter). There are 10 policies. My ISP offers a bandwidth in fiber with a bandwidth of 200Mbps. When I connect my laptop in Ethernet directly on the ISP router (1Gbps), a speedtest result to Internet is 190Mbps. When I connect the same laptop on the internal4 (all the others devices are off), a speedtest result is about 10 at 15Mbps. Same result if I disable all the UTM features. Other test : on internal1, the device is now up (in 1Gbps). I do some speedtest with iperf between internal1 and internal4 (all the others devices are always down) : the result is the same as WAN test through FortiWifi. Someone can help me to diagnose this problem ? Regards, Heodrene

storaid

New Member

could you check your cpu usage when speedtest is running? are you using PPPoE connection(VDSL2)??

HeodreneAuthor

New Member

Hi Storaid, In GUI or in CLI mode (with get system top) ? Not PPOE interface used on the FortiWifi. My Internet connection isn' t a xDSL technology but fiber optic.

HeodreneAuthor

New Member

I connect my laptop in Ethernet (1Gbps) on internal4. 1) With UTM profiles enabled, Speedtest gives 9.75MBps. " diag sys top" displays high CPU usage for four processes : - ssl ; - proxyworker ; - ipsengine ; - scanunitd. 2) Without UTM profiles enabled, Speedtest gives 70MBps. " diag sys top" doesn' t display any prrocess with high CPU usage but the bandwidth is still low. 3) Directly on the ISP router, Speedtest gives 190Mbps. I' m disapointed... :(

storaid

New Member

remove software switch, disable all UTM features and try again... in fact, software switch can impact the I/O performance.. because these packets from software switch interface can NOT be handled by hardware FortiASIC(fast-path).

if you enable the following features, the NPU acceleration will be lost: 1. UTM features 2. software switch 3. QoS features

HeodreneAuthor

New Member

Hi Storaid, Good job soldier !

I did a factory reset, I just configured WAN1 interface, one Policy. Below 3 tables : - first : results before factory reset with my FWF60C ; - second : results with an other FWF60C and the same configuration as above ; - third : result with my last configuration without software switches : NB : the UTM speedtest is low because AV is enabled. When you read FWF60C datasheet, you notice the AV throughput is 20Mbps in proxy-based (versus 40Mbps in flow based). So, this result is not an issue, it' s " by design" . If I disable AV feature, the speedtest is better (about 135 - 155Mbps). In this case, this is the IPS throughput that limits my bandwidth. Thanks a lot for everybody

Heodrene

Ec89649.jpg

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded