Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
J_Xia
Staff
Staff

Created on ‎03-20-2024 11:32 PM Edited on ‎06-26-2025 07:00 AM By Moderator

Article Id 305676

Technical Tip: Unable to establish an iPerf connection with a FortiGate acting as a SpeedTest Server and running v7.4.3 and higher

Description

This article describes that when a FortiGate device set up as an iPerf Client attempts to connect to another FortiGate device running v7.4.3 + and configured as a Speed Test server, the traffictest command on FortiGate iPerf Client produces the following error messages:

 

iperf3: error - control socket has closed unexpectedly
iperf3: interrupt - the server has terminated

 

002.png

 

Topology:
FortiGate 90E-------internet---------FortiGateVM

 

  • FortiGate-90E is acting as an iPerf Client.
  • The speed test server is enabled on FortiGate-VM.

 

004.png

 

A sniffer on FortiGate-VM shows that the connection is closed with a 'FIN'.


001.png
Scope FortiGate v7.4.3. and above.
Solution

FortiGate acting as a speed test server is not a standard iPerf server and should not be used for traffic testing.

FortiGate traffictest and speedtest server functions are not designed to be connected. For information on how to use the speedtest server, refer to the following documentation:

Speed tests run from the hub to the spokes in dial-up IPsec tunnels 7.0.1

 

The traffictest function is intended for:

  1. Testing internal traffic between two ports on the same FortiGate, for example, to test throughput between the VLAN/LAN interface and WAN1.

 

003.png

 

  1. To connect with an external iperf server.

 

  • As of v7.4.3 +, an additional layer of authentication is included and performed during communications between the speedtest server and the client.
  • If a traffictest client attempts to connect to the same port as the speedtest server on FortiGate, the authentication will fail.
  • The connection closes with a 'FIN' to the FortiGate iperf Client. Fortinet recommends the use of a dedicated instance of the iperf server, which is publicly/locally hosted for Iperf testing.

Note: As described in Troubleshooting Tip: Configure FortiGate as speed test (iperf) server: to run the traffictest on the FortiGate, the speedtest-server must be disabled.

 

config system global

sh full-configuration | grep speedtest
set speedtest-server disable <-----
4576
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.