FortiGate
mriha
Staff
Article Id 418531
Description

This article describes that in FortiOS v7.4.2, an authorization check was introduced for iPerf clients, because the speedtest-server feature is used for ADVPN (speed tests run from the hub to the spokes in dial-up IPsec tunnels). Because of this speed-test check, it is no longer possible to test bandwidth between FortiGates until FortiOS v7.4.8. From FortiOS v7.4.8 onward, it is possible to run an iPerf server locally, and a regular iPerf client can be used as well.

 

In FortiOS versions older than v7.4.8, the following error is returned when trying to run the iPerf server:

 

fgtiperfserver_olderversion# diagnose traffictest run -s
iperf3: parameter error - cannot be both server and client

In FortiOS versions older than v7.4.2, the only way to run an iPerf server is to apply the configuration below:

 

config system global
    set speedtest-server enable
end

config system interface
    edit "port1"
        set allowaccess ping https ssh http speed-test
    next
end

And then run the following on a client FortiGate:

 

diagnose traffictest run -c <FortiGate server IP>

Or use an iPerf3 client:

 

iperf3 -c <FortiGate server IP>

Scope

FortiOS v7.4.8+.
Solution

In FortiOS v7.4.8+, configure the FortiGate acting as an iPerf3 server:

 

fgtiperfserver # show system interface port1
config system interface
    edit "port1"
        set allowaccess ping https ssh http <-- no speed-test configured
    next
end

fgtiperfserver # show system global | grep speed-test
<----- Speed-test is set to disabled.


fgtiperfserver # diagnose traffictest port 5201
fgtiperfserver # diagnose traffictest show
server-intf:    port1
client-intf:    port1
port:   5201
proto:  TCP

fgtiperfserver # diagnose traffictest run -s

On a client FortiGate, run the following command:

 

diagnose traffictest run -c <FortiGate server IP>

Or use an iPerf3 client:

 

iperf3 -c <FortiGate server IP>
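
The v7.4.8+ procedure above runs the iPerf server with neither `speedtest-server` nor the `speed-test` allowaccess entry, so a configuration backup can be checked for leftovers from the older method. The following Python is an added example, not Fortinet code; the sample configuration is constructed and the function name `audit_speedtest` is hypothetical.

```python
import re

# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = '''\
config system global
    set speedtest-server enable
end
config system interface
    edit "port1"
        set allowaccess ping https ssh http speed-test
    next
    edit "port2"
        set allowaccess ping
    next
end
'''

def audit_speedtest(config_text):
    """Return (speedtest_server_enabled, [interfaces allowing speed-test])."""
    section, depth = None, 0          # top-level config block and nesting depth
    iface, global_enabled, exposed = None, False, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                section = line[len("config "):]
        elif line == "end":
            depth -= 1
            if depth == 0:
                section = None
        elif depth == 1 and section == "system interface":
            m = re.match(r'edit "?([^"]+)"?$', line)
            if m:
                iface = m.group(1)
            elif line == "next":
                iface = None
            elif line.startswith("set allowaccess ") and iface:
                if "speed-test" in line.split()[2:]:
                    exposed.append(iface)
        elif depth == 1 and section == "system global":
            if line.split() == ["set", "speedtest-server", "enable"]:
                global_enabled = True
    return global_enabled, exposed

if __name__ == "__main__":
    print(audit_speedtest(SAMPLE_CONFIG))
```

A result of `(False, [])` matches the server state shown in the Solution section, where `speed-test` is absent from `allowaccess` and `speedtest-server` is disabled.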

 

Related article:

Troubleshooting Tip: iPerf speed test on a FortiGate