cyberblitzx
New Member
December 12, 2017
Question

Slow Speeds Over IPSEC VPN

  • 1 reply
  • 10120 views

So I will preface this post by saying I'm fairly new to FortiGate. So I'll just get right to my issue: we have an IPSEC VPN configured for our site-to-site traffic; the problem is we are getting at most 20 Mbps, and it's fairly sporadic, ranging from 1-20. We pay a company to manage our firewalls, but they have worked for months with no success and I want to see if I can figure this out.

All tests were performed using iperf3.

I did test the connection over the internet between locations and I was testing between 90-100 Mbps, which is closer to the speeds we pay for. Let me know what information I can provide. Any assistance is greatly appreciated.


    neonbit
    New Member
    December 12, 2017

    What model of FortiGate are you using?

    ede_pfau
    SuperUser
    December 12, 2017

    Yes, more beef please.

    - FortiOS?

    - VPN parameters, esp. encryption settings?

    - the VPN policy?

     

    Preferably from the CLI.

    Most likely ASIC offloading is not happening. Uh, my crystal ball is fogging...

    cyberblitzx
    New Member
    December 13, 2017

    Model: 90D

    OS: v5.4.4,build1117

    Connected to Hardware Switches.

    Both locations are identical equipment

    Here is what I know about the tunnels; I'm unsure what I would pull from the CLI (looking into it).

     

    They created them using the Wizard.

    Auth: PSK 

    IKE

    V:1

    Mode: Main

    Phase 1:

  • AES128-SHA256
  • AES256-SHA256
  • AES128-SHA1
  • AES256-SHA1
  • 3DES-SHA1

    Diffie-Hellman Groups: 14, 5

     

     

    Phase 2 Selectors 

    Local 0.0.0.0/0.0.0.0

    Remote 0.0.0.0/0.0.0.0

     

    Encryption:

  • AES128-SHA1
  • AES256-SHA1
  • 3DES-SHA1
  • AES128-SHA256
  • AES256-SHA256
  • 3DES-SHA256

    Diffie-Hellman Group 14,5

     

    Ports All

     

     

    VPN Policy

    Source: All

    Destination: Address All

    NAT OFF

    All Security Profiles OFF

     

     

    Again, we are paying people to manage this and they are just doing such a bad job; I'm trying to learn this on the fly, so any help is greatly appreciated.