Description
This article provides some basic troubleshooting tips to use if a FortiGate appears to be experiencing slow HTTP performance.
Scope
All FortiGate users.
Solution
The following steps should be performed if HTTP slowdown is experienced by a FortiGate device.
1. One of the FortiGate's system interfaces may be set to an incorrect network speed or duplex mode. To check, run the following commands on the CLI of the FortiGate:
   diagnose hard device nic <external interface name>
   diagnose hard device nic <internal interface name>
2. Check the Ethernet speed and duplex settings on the switch or router that the FortiGate is patched to, and ensure that these are correct.
3. Check whether the FortiGate is experiencing high CPU and high memory usage by running the following commands on the CLI of the device:
   get sys performance status
   diagnose system top 1 <----- Let it run for 10 seconds, then press CTRL+C to stop it.
4. There may be an issue with a specific outgoing Firewall Policy that has a protection profile enabled. It is recommended to check the outgoing profiles (there may be several) and temporarily disable the protection profiles one by one to see whether performance improves for the users experiencing HTTP slowdown.
5. If these steps do not correct the behavior of the FortiGate, it may be necessary to open a FortiCare Support Ticket. The following information should be provided:
   - The output collected in Step 3.
   - The number of each Firewall Policy affected by the issue.
   - The name of the Protection Profile.
   - A copy of the configuration file of the FortiGate.
   - The following CLI output from the FortiGate:
FGT200A-1 # get sys status
Version: Fortigate-200A v4.0,build0192,091222 (MR1 Patch 2)
Virus-DB: 9.00795(2008-12-08 15:09)
IPS-DB: 2.00593(2009-02-05 20:34)
FortiClient application signature package: 1.157(2010-02-22 17:01)
Serial-Number: FG200A2104400056
BIOS version: 03006000
Log hard disk: Available
Hostname: FGT200A-1
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: a-p, master
Distribution: International
Branch point: 192
Release Version Information: MR1 Patch 2
System time: Tue Feb 23 07:34:00 2010