Really Poor SMB performance

Forum|Forum|7 years ago
March 4, 2019
2 replies
16863 views

Fortinet to Fortinet, 100E to 60E, IPSec Tunnel, gigabit connection on the 100E and 400mbit on the 60E.

SMB transfers are slow, about 2 or 3mbps.

Have adjusted tcp-mss in the IPV4 policy for the indicated branch and on the IPSEC interface itself to 1306 (which is low but higher doesn't matter, when left at default it was fragmenting so I lowered it)

config sys interface

edit <interfacename>

set tcp-mss 1306

end

AND

config firewall policy

edit <policy number>

set tcp-mss-sender 1306

set tcp-mss-receiver 1306

end

(configured both legs of the firewall policy, inbound and outbound, on both firewalls)

Perhaps of note, IPSEC tunnels to Juniper firewalls perform normally (also have tcp-mss set to 1306) . . .

What setting am I missing?

atsakAuthor

New Member

Any help at all appreciated. I suspect the issue is that the tcp-mss setting isn't taking, but I simply can't find any other places I can set it.

Dave_Hall

New Member

Maybe related - see this post regarding disable asic and hmac offloading for ipsec.

config sys global set ipsec hmac disable set ipsec asic disable end

atsakAuthor

New Member

Thanks - has anyone done this? Does it interrupt service?

MdMan85

New Member

If you find something please let me know as well. I've been looking for a long time and have come up empty handed. The one thing that has helped was enabling NAT on the tunnel but was barely noticeable. The command below was run on both ends (only effective if Fortinet to Fortinet)

config vpn ipsec phase1-interface

edit phase1name

set nattraversal forced

Hope this makes a difference for you.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded