Description | The throughput performance of traffic across FortiGate IPsec tunnels on AWS can be limited, leading to high latency and application slowdown. This article will explain possible causes of this issue and provide a solution to improve the performance of FortiGate IPsec tunnels in AWS. |
Scope | FortiGate in AWS. |
Solution |
An IPsec tunnel's throughput performance can be limited because the tunnel session is processed by only one CPU core, which may lead to low performance and slow data transfer across the tunnel.
To improve IPsec performance throughput, enable the ipsec-soft-dec-async setting under the config system global settings. This setting allows the IPsec session to be distributed and decrypted using the available VM cores, thus increasing network throughput.
Configuration steps:
# config system global set ipsec-soft-dec-async enable end
Enabling the above feature can significantly improve IPsec performance throughput. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.