Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Renante_Era
Staff
Staff

Created on ‎08-28-2024 10:52 PM

Article Id 337198

Troubleshooting Tip: How to determine the speed from local host to its upstream FortiGate

Description This article demonstrates how to determine the speed of a local host to its upstream FortiGate using iPerf3.
Scope FortiGate.
Solution

Determining the speed between the local host and the upstream FortiGate is necessary when the host is experiencing a slow connection between the local host to the internet, the local host to a host across the IPsec VPN tunnel, or the local host to another host across different network subnet.

 

  1. Download and extract the downloaded zip file. Open the Downloads folder using File Explorer in Windows if the zip file was saved in the Downloads folder. Next, 'right-click' the downloaded file, select Extract All, and select Extract.

iPerfDownload.jpg

 

  1. Open a Command Prompt and determine the IP address of the local host using ipconfig.

                            

    localIPaddr.jpg

     

  2. Run iperf3 -s on the command line. The default port is 5201 and the port can be manually specified using iperf3 -s -p <port number>. For instance, iperf3 -s -p 443.
                                

    iPerf3.jpg                                                           

     

  3. Configure the iperf settings on the FortiGate CLI and initiate the client test.

    The command diag traffictest ? shows the available options.
                                                 

    TrafficTest.jpg                                                                    

    Identify the interface where the local host is connected and configure traffictest's server and client interface. For instance, if the local host is connected to a wireless SSID that is a member of FortiGate's software switch lan, then the commands are as follows:

    diag traffictest server-intf lan

    diag traffictest client-intf lan

    TrafficTest-2.jpg                                            

     

  4. Initiate the iPerf client test where FortiGate is the user.

    diag traffictest run -c <IP address> -p 5201 -i 10 -f m -b 0 -t 60

     

     

  5. Repeat the iperf test in a reverse direction.

    diag traffictest run -c <IP address> -p 5201 -i 10 -f m -b 0 -t 60 -R
                               

    TrafficTest-3.jpg

                                

     

Note:

  • Press Ctrl+C to stop iPerf3 on Windows Command Prompt.
  • Ideally, connect the local host directly to FortiGate instead of a wireless connection to WiFi SSID.
145
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.