|Description||This article describes the common troubleshooting methods to help identify and correct poor throughput.|
Low throughput can affect a network in a variety of ways, from being protocol or application-specific to impacting all services and hosts.
Back up the FortiGate config file to a safe location before following the steps below.
Document the hosts involved, such as the test client IP and server IP.
Is only Internet-bound traffic affected? If so it may be a good idea to schedule a maintenance window to reboot the ISP modem before continuing through this article.
If there is packet loss (especially above 2% total) it is recommended to address it before continuing.
Throughput can suffer drastically if packet loss occurs.
Some common causes could be bad cabling, low system resources on the client/server, or intermediate network equipment
To check a FortiGate port (which should be done for both ingress and egress interfaces) run:
diag hardware deviceinfo nic <portname>
diag hardware deviceinfo nic port1
Supported: 1000full 10000full
In the above example, it can be seen that the port1 interface negotiated to a 10 Gbps speed.
Ensure the FortiGate has sufficient resources, and that anomalous behaviour is not contributing to the low throughput.
Run the following during testing:
get sys perf st
diag sys top-summ
If the system is in conserve mode that lower throughput can be expected. The source of the conserve mode would need to be addressed first.
Also, under FortiView -> Policies/Sources/Destinations there is some bandwidth information available.
If traffic is saturated, consider implementing a guaranteed traffic shaper for the traffic in question.
This ensures internal infrastructure is not contributing to the issue.