FortiGate
Jonathan_Body_FTNT
Article Id 198472

Description

This article provides some basic troubleshooting tips to use if a FortiGate appears to be experiencing slow HTTP performance.


Scope

All FortiGate users


Solution

The following steps should be performed if HTTP slowdown is experienced by a FortiGate device.

1. An incorrect network speed or duplex setting may be configured on one of the FortiGate's system interfaces. Run the following commands on the FortiGate CLI to check:
# dia hard device nic <external interface name>
# dia hard device nic <internal interface name>
2. Check the Ethernet speed and duplex settings on the switch or router that the FortiGate is patched to, and ensure that these are correct.

3. Check whether the FortiGate is experiencing high CPU and high memory usage by running the following commands on the CLI of the device:
# get sys performance status
# dia sys top 1 <let it run for 10 seconds, CTRL+C to stop>
4. There could be an issue with a specific outgoing Firewall Policy that has a protection profile enabled. Check the outgoing profiles (there may be several) one by one, temporarily disabling each protection profile in turn, to see whether performance improves for the users experiencing HTTP slowdown.

5. If these steps do not correct the behaviour of the FortiGate then it may be necessary to open a FortiCare Support Ticket. The following information should be provided:

- the output collected in Step 3.
- the number of the Firewall Policy (or Policies) affected by the issue.
- the name of the Protection Profile.
- a copy of the configuration file of the FortiGate.
- the following CLI output from the FortiGate:
FGT200A-1 # get sys status
Version: Fortigate-200A v4.0,build0192,091222 (MR1 Patch 2)
Virus-DB: 9.00795(2008-12-08 15:09)
IPS-DB: 2.00593(2009-02-05 20:34)
FortiClient application signature package: 1.157(2010-02-22 17:01)
Serial-Number: FG200A2104400056
BIOS version: 03006000
Log hard disk: Available
Hostname: FGT200A-1
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: a-p, master
Distribution: International
Branch point: 192
Release Version Information: MR1 Patch 2
System time: Tue Feb 23 07:34:00 2010

FGT200A-1 #
 

 
