Help
FortiTester
sfrati
Staff
Staff

Created on ‎03-14-2025 01:33 AM Edited on ‎03-14-2025 01:34 AM By Moderator

Article Id 381998

Technical Tip: How to simulate client-server traffic running through a FortiGate using FortiTester

Description

This article describes generating a simple client-server flow through a FortiGate in a lab.

 

Simple flow, because this is not for testing performance issues: if someone needs to test performances, use a real FortiTester appliance.


The FortiTester is a KVM (ESXi VMs are not always working depending on the labs used).
The tested FortiGate can be a VM or a real appliance.
Scope FortiTester-KVM 7.4.3, FortiGate any version.
Solution

The original need comes from the field, an administrator reporting that the FGCP cluster is not failing-over RDP, FTP, and SSH connections during an upgrade phase when pushed from the FortiManager.

So, the simplest way to focus on the upgrade-test and not traffic-generation, is to build this lab and use FortiTester to generate RDP, FTP, SSH, and HTTP traffic in a loop where the FortiGate sits between the Client-part of the FortiTester (VLAN491) and the Server-part of the same FortiTester (VLAN492).

 

  1. Install FortiTester (7.4.3) and connect port1 to VLAN491, port2 to VLAN492:

Note: VLAN491 and VLAN492 are private VLANs dedicated to personal use, reserved in a lab. It can be any other reserved dedicated VLAN.

 

  1. Log in to FortiTester and select the 'System Settings' icon.

    ft2.png

     

    Then Network -> Interfaces and check that port1 and port2 are UP (on FortiTester on ESXi, it never showed up).

     

    ft3.png

     

  2. In FortiLab, connect the DUT (Device Under Test) or FortiGate to respective port1 -> VLAN491 and port2 -> VLAN492.
                                         

    ft4.png

     

    Note: It can be any other port on the FortiGate device, of course.
    For simplification, VLAN491 is subnet 10.4.91.0/24.
    For simplification, VLAN492 is subnet 10.4.92.0/24.

     

    Here is the diagram of the constructed simple network topology:

     

    ft5.png

     

  3. On FortiGate, define appropriate addresses, and policies and authorize the traffic.

     

  4. On FortiTester, select the 'Performance' icon.
                                

    ft6.png

    First define the mapping of the interfaces of FortiTester (which port is the client, which one is the server) by selecting 'Performance Testing -> Objects -> Port Mapping'.


    Select 'Create New' and make it as basic as this one:
                                  

    ft7.png

     

    Second, create the 'Networks' that need to be simulated by FortiTester by selecting 'Performance Testing > Objects > Networks' and make it as basic as this one:

     

    ft8.png


    Here, simulated client 10.4.91.1 with send traffic to simulated server 10.4.92.1 through default gateway 10.4.91.163 (FortiGate cluster).

    Third, create the test, for instance, 'HTTP -> CPS' that needs to be simulated by FortiTester by selecting 'Performance Testing -> HTTP -> CPS' and make it as basic as this one :

  • 'Basic Information' frame: for a 10-minute run:

 

ft9.png

  • 'Network settings' frame:
    Select 'Save Global Port Setting/Network Config:' and '/Port Mapping:' just created in the previous steps.

 

ft10.png

 

  1. Select 'Save' and 'Start' and see the progress in real-time:

     

 

ft12.png


When it is running, select the generated report to display the full results.

 

ft11.png


Related articles:
Labels:
53
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.