Site to site traffic flow over IPsec very slow

Forum|Forum|8 years ago
November 27, 2017
1 reply
21353 views

Fortigate 100D to 100E on fiber site A 150/150 to fiber Site B 250/250.

I transfert from site B to site A on FTP 145mbits outside the VPN and 10 mbits on the same servers through the the vpn.

I have the same performance through vpnssl from my home (10mbits)

On ftp from my home 145mbits on site A and 230 from site B

I reach almost the speed of the fibe outside the vpn

Cpu's work at 5-10 %

Same result with 5.4.4 and now 5.6.2....

Enabling or disabling DTLS change nothing

config vpn ssl settings set dtls-tunnel enable/disable end

Ideas?

Iescudero

New Member

Hi there!

maybe a dumb question, but you have a traffic shaper or any UTM feature applied on any policies?

The transfer protocol is always FTP?

The IPSEC Tunnel is an interface mode tunnel?

Wabo84Author

New Member

no raffic shaper no UTM

All transnfert is slow... ftp, smb...

yes interface, he last test we created with the vpn wizard both side...

Iescudero

New Member

According datasheet, the IPSec VPNThoughput of each are:

Fortigate 100D: 380 Mbps

Fortigate 100E: 4 Gbps

So, this should work fine.

Can you disable the acceleration?

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-hardware-acceleration-52/acceleration-overview.htm

Maybe de SOC or the NPU are the issue.

If this not solved the problem, you've got to do some troublehooting, like check error logs, discarded packets or debug vpn traffic to obtain more data.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded