Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
J_Xia
Staff
Staff

Created on ‎03-20-2024 11:32 PM Edited on ‎11-19-2025 10:13 PM By Moderator

Article Id 305676

Technical Tip: Unable to establish an iPerf connection with a FortiGate acting as a SpeedTest Server and running v7.4.3 and higher

Description

This article describes that when a FortiGate device set up as an iPerf Client attempts to connect to another FortiGate device running v7.4.3 + and configured as a Speed Test server, the traffictest command on the FortiGate iPerf Client produces the following error messages:

 

iperf3: error - control socket has closed unexpectedly
iperf3: interrupt - the server has terminated

 

002.png

 

Topology:
FortiGate 90E-------internet---------FortiGate VM.

 

  • FortiGate-90E is acting as an iPerf Client.
  • The speed test server is enabled on FortiGate VM.

 

004.png

 

A sniffer on FortiGate VM shows that the connection is closed with a 'FIN'.


001.png
Scope FortiGate v7.4.3. and above.
Solution

FortiGate acting as a speed test server is not a standard iPerf server and should not be used for traffic testing.

FortiGate traffictest and speedtest server functions are not designed to be connected. For information on how to use the speedtest server, refer to the following documentation:

Speed tests run from the hub to the spokes in dial-up IPsec tunnels 7.0.1

 

The traffictest function is intended for:

  1. Testing internal traffic between two ports on the same FortiGate, for example, to test throughput between the VLAN/LAN interface and WAN1.

 

003.png

 

  1. To connect with an external iperf server.
  • As of v7.4.3 +, an additional layer of authentication is included and performed during communications between the speedtest server and the client.
  • If a traffictest client attempts to connect to the same port as the speedtest server on FortiGate, the authentication will fail.
  • The connection closes with a 'FIN' to the FortiGate iperf Client. Fortinet recommends the use of a dedicated instance of the iperf server, which is publicly/locally hosted for Iperf testing.

 

Note: As described in Troubleshooting Tip: Configure FortiGate as speed test (iperf) server: to run the traffictest on the FortiGate, the speedtest-server must be disabled.

 

config system global

show full-configuration | grep speedtest
set speedtest-server disable <---

 

  1. After disabling speedtest-server under config system global, FortiGate can be used as a server for traffic test. To use FortiGate as a Server for Traffic testing using IPERF, "diag traffictest run -s" can be used to start server mode:

     

  • Commands to run on the FortiGate acting as a server for the traffic test:

 

FGT-VM# diagnose traffictest server-intf wan1
FGT-VM# diagnose traffictest port 5201
FGT-VM# diagnose traffictest run -s   <---- This command starts IPERF server mode for traffic test.

 

  • Commands to run on Client FortiGate for traffic test:

 

FGT# diagnose traffictest client-intf port26
FGT# diagnose traffictest port 5201
FGT# diagnose traffictest run -c <server-IP>      <---- This command gives upload speed.
FGT# diagnose traffictest run -c <server-IP> -R   <---- This command gives download speed. 

 

Related articles:

Troubleshooting Tip: Configure FortiGate as speed test (iperf) server  

Technical Tip: Use cases for the diagnose traffictest command.
5530
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.