Technical Tip: How to increase the SSL VPN tunnel mode bandwidth for small model (multi SSL VPN client)

This article describes how to increase the SSL-VPN tunnel mode bandwidth for small model (multi SSL-VPN client).

Topology:

iperf server <--> FortiGate (SSL-VPN) <--> sslvpn client (iperf client)

1. When SSL VPN tunnel mode is set up, the iPerf testing result of FortiGate-61E is around 80Mbps.

2. Even if two SSL-VPN client are setup to generate two SSL-VPN tunnel traffic, the total bandwidth is around 90Mbps.

3. # diag sys top shows only one sslvpnd process serving the SSL-VPN tunnel traffic.

1. Increase the sslvpnd worker account:

config system global
       set sslvpn-max-worker-count 2
end

2. After the settings, when two SSL VPN client are setup to generate two SSL VPN tunnel traffic, the total bandwidth is around 150Mbps.

2. There are two sslvpnd processes serving the SSL-VPN tunnel traffic and increasing the bandwidth.

Related articles:

• Troubleshooting Tip: SSL VPN Troubleshooting
• Technical Tip: FortiGate SSL VPN best practices guide
• Technical Tip: SSL VPN with external DHCP Server
• Technical Tip: Reasons for the 'iprope_in_check() failed' error in SSL VPN
• Troubleshooting Tip: Error 'SSL-VPN slow file transfer issue'
• Troubleshooting Tip: Checking maximum number of SSL VPN users using ‘diagnose vpn ssl statistics’
• Technical Tip: FortiGate IPSec VPN Resource List
• Technical Tip: FortiGate Resource Lists