Skip to main content
Zero
Zero
New Member
October 9, 2024
Question

Slow FortiClient VPN

  • October 9, 2024
  • 4 replies
  • 3806 views

Hello,

we are migrating from cisco AnyConnect VPN to FortiClient VPN. we are using FortiClient 7.2.5 and FortiGate 7.2.7 . we are seeing a significant difference in file transfer rate when the end user is trying to download a big file from a shared drive. I am pretty sure its not the internet circuit issue because I ran the test while I was working remotely. I have a 1Gb up/down and the download rate is similar to what our end-users are reporting. any help is greatly appreciated.

 

AnyConnectAnyConnectFortiClientFortiClient

4 replies

homalgo1
homalgo1
New Member
October 9, 2024

Try the other way around, actually - disable split DNS, and let your internal DNS server handle all DNS for the client. (This assumes the internal DNS is willing and capable of resolving any public DNS records) https://mobdro.bio/

Zero
ZeroAuthor
New Member
October 9, 2024

its already setup to use our internal DNS. split DNS already disabled

tpatel
Staff
tpatel
Staff
October 9, 2024

Hello, 

Make sure dtls is enable in ssl vpn setting on fortigate and also on forticlient. 

Please click on below link and reference document.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-DTLS-to-improve-SSL-VPN-performance/ta-p/193881

Zero
ZeroAuthor
New Member
October 10, 2024

enabled dtls in both the Fortigate and FortiClient but still the same max transfer rate is between 1MB/s - 3MB/s

tpatel
Staff
tpatel
Staff
October 14, 2024

Hello, 
For testing can you try to disable all UTM profile in ssl vpn policy and make sure you are using flow based.

Check speed after that. 
If still you are getting same speed you need to setup iperf server on local environment and you need to check speed. 
https://community.fortinet.com/t5/Customer-Service/Technical-Tip-How-to-increase-the-SSL-VPN-tunnel-mode-bandwidth/ta-p/216990

 

rahulkaushik-22
Staff
rahulkaushik-22
Staff
October 14, 2024

@Zero 

Create a VIP object and send the file over the Internet to check the speed difference when sent over the Internet vs SSLVPN.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Virtual-IP-VIP-port-forwarding-configuration/ta-p/198143

Try to use latest version of Forticlient to rule out the Forticlient issue or try IPSec VPN rather than SSLVPN.







Regards, 
Rahul Kaushik

patelr
Staff
patelr
Staff
October 14, 2024

Hello @Zero 

 

Make sure, there isn't any VPN applications are installed, or running on test machine other than FortiClient .

 

Thanks, 
Ronak Patel

Zero
ZeroAuthor
New Member
October 14, 2024

do you mean uninstall Cisco AnyConnect?.. its been off during testing FortiClient VPN.

Terms & ConditionsAccessibility statement