FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to use DTLS to improve SSL VPN performance.
Occasionally, SSL VPN performance can be slower than expected. Since the SSL VPN encapsulates a TCP connection within another TCP connection, this can cause interference between timeouts, and other issues. See external link for more information.
Since FortiOS 5.4, it is possible to use DTLS to address this problem.
DTLS has the same security as SSL, but uses UDP instead of TCP. This can improve performance drastically.
Solution To enable DTLS on SSL VPN, run the following commands:
#config vpn ssl settings set dtls-tunnel enable/disable end
This is enabled by default since 5.4.
If the client(s) are still using TCP, check FortiClient settings to ensure that the option “Preferred DTLS Tunnel” is checked in the settings. See FortiClient help article for more information.
