Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Renante_Era
Staff
Staff

Created on ‎08-28-2024 10:52 PM Edited on ‎11-06-2024 03:26 AM By Community Manager

Article Id 337198

Troubleshooting Tip: How to determine the speed from local host to its upstream FortiGate

Description This article demonstrates how to determine the speed of a local host to its upstream FortiGate using iPerf3.
Scope FortiGate.
Solution

Determining the speed between the local host and the upstream FortiGate is necessary when the host is experiencing a slow connection between the local host to the internet, the local host to a host across the IPsec VPN tunnel, or the local host to another host across different network subnet.

 

  1. Download and extract the downloaded zip file. Open the Downloads folder using File Explorer in Windows if the zip file was saved in the Downloads folder. Next, 'right-click' the downloaded file, select Extract All, and select Extract.

 

iPerfDownload.jpg

 

  1. Open a Command Prompt and determine the IP address of the local host using ipconfig.

                            

    localIPaddr.jpg

     

  2. Run iperf3 -s on the command line. The default port is 5201 and the port can be manually specified using iperf3 -s -p <port number>. For instance, iperf3 -s -p 443.
                                

    iPerf3.jpg                                                        

Configure the iperf settings on the FortiGate CLI and initiate the client test. The command diag traffictest ? shows the available options.
                                             

TrafficTest.jpg                                                                    

Identify the interface where the local host is connected and configure traffictest's server and client interface. For instance, if the local host is connected to a wireless SSID that is a member of FortiGate's software switch lan, then the commands are as follows:

diag traffictest server-intf lan

diag traffictest client-intf lan

TrafficTest-2.jpg                                            

  1. Initiate the iPerf client test where FortiGate is the user.

diag traffictest run -c <IP address> -p 5201 -i 10 -f m -b 0 -t 60

 

Repeat the iperf test in a reverse direction.

diag traffictest run -c <IP address> -p 5201 -i 10 -f m -b 0 -t 60 -R
                           

TrafficTest-3.jpg

                            

-c -- iPerf is running in client mode, define IP address of iPerf server
-p -- the port on which iPerf server is listening
-i -- interval time in seconds (default: 0)
-f -- format to print bandwidth values ['k' = Kbits/sec, 'K' = KBytes/sec, 'm' = Mbits/sec, 'M' = MBytes/sec]
-b -- target bandwidth (default: 1 Mbit/sec for UDP, unlimited for TCP)
-t -- time in seconds the iPerf test will run (default: 10 seconds)
-R -- reverse mode used to measure download speed (server sends, client receives)


More command line options can be found in iPerf documentation.
https://iperf.fr/iperf-doc.php

Note:

  • Press Ctrl+C to stop iPerf3 on Windows Command Prompt.
  • Ideally, connect the local host directly to FortiGate instead of a wireless connection to WiFi SSID.
1080
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.