Hassan09
Staff
Article Id 250960
Description

The throughput performance of traffic across FortiGate IPsec tunnels on AWS can be limited, leading to high latency and application slowdown. This article explains possible causes of this issue and provides a solution to improve the performance of FortiGate IPsec tunnels in AWS.

Scope

FortiGate in AWS.

Solution

An IPsec tunnel's throughput can be limited because the tunnel session is processed by only one CPU core, which may lead to low performance and slow data transfer across the tunnel.

To improve IPsec throughput, enable the ipsec-soft-dec-async setting under config system global. This setting allows the IPsec session to be distributed and decrypted using the available VM cores, thus increasing network throughput.

 

Configuration steps:

# config system global
    set ipsec-soft-dec-async enable
end

Enabling the above feature can significantly improve IPsec performance throughput.
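
To confirm the setting on many devices, the following added example (not part of the original article and not Fortinet code) parses a FortiGate configuration backup and returns the value of ipsec-soft-dec-async found in config system global. The function name, the constructed sample backup and the handling of a multi-VDOM "config global" wrapper are assumptions.

```python
import shlex

SETTING = "ipsec-soft-dec-async"

# Constructed sample backup (hostname, tunnel name and header are made up).
SAMPLE = '''\
#config-version=EXAMPLE:opmode=0:vdom=0
config system global
    set hostname "fgt-aws-example"
    set ipsec-soft-dec-async enable
end
config vpn ipsec phase1-interface
    edit "to-onprem"
        set comments "set ipsec-soft-dec-async disable"
    next
end
'''

def global_setting(config_text, name=SETTING):
    """Return the value set for `name` in `config system global`, else None."""
    stack, value = [], None              # stack = currently open config blocks
    for raw in config_text.splitlines():
        line = raw.strip().lstrip("#").strip()   # tolerate a "# " CLI prompt
        try:
            words = shlex.split(line)
        except ValueError:               # unbalanced quote (multi-line value)
            continue
        if not words:
            continue
        if words[0] == "config":
            stack.append(" ".join(words[1:]))
        elif words[0] == "end" and stack:
            stack.pop()
        elif (words[0] == "set" and len(words) >= 3 and words[1] == name
              and stack[-1:] == ["system global"]
              # Assumption: multi-VDOM backups wrap it in "config global".
              and stack[:-1] in ([], ["global"])):
            value = words[2]
    return value

if __name__ == "__main__":
    found = global_setting(SAMPLE)
    print(f"{SETTING}: {found if found else 'not set in this backup'}")
```

A return value of None means the backup carries no explicit line for the setting, so the device is running whatever its firmware default is.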
