Created on 03-25-2024 10:52 AM Edited on 11-24-2024 05:16 AM By Jean-Philippe_P
Description | This article describes a known issue where network throughput decreases substantially when passing through the FortiGate 200F, 400F, or 600F models. The issue most frequently occurs when traffic passes from a higher-speed interface to a slower-speed interface (e.g. 10Gb to 1Gb), but it has also been known to occur in 1Gb to 1Gb scenarios. |
Scope |
FortiGate-200F/201F, 400F/401F, 600F/601F. |
Solution |
The permanent fix is to upgrade FortiOS to 7.2.8 or 7.4.4. However, for 400F/401F/600F/601F units, the following workaround can be used if upgrading is not an option.
For 200F/201F units, these commands are only available from 7.2.8/7.4.2 or above, so those devices will not be able to implement a workaround.
diag sys mvl cli
configure
interface range ethernet 0/4-31
tail-drop packet-limit 4095 buffer-limit 65535 alpha 0.0
tail-drop-queue queue all dp all packet-limit 512 buffer-limit 4096 alpha 0.0
end
CLIexit <----- To exit Marvell CLI.
This issue is reported as known issues 910829 (LAN to WAN poor throughput) and 965482 (SSL VPN throughput issue). This workaround is not persistent between reboots, nor is it synchronized between HA FortiGates (i.e. the commands must be applied on a per-device basis and executed again after reboot). The workaround is safe to run during production, as it simply increases the upper limit for the amount of shared buffer that each switch port may use. There is also no disruption to existing traffic when the commands are run. |