Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
yz426onnos
New Contributor

Fortigate 50E not passing more than 223 MBPS on WAN port

Having trouble here, we have a gig internet connection, I am pushing 300 MBPS from our remote sites back to our office and seems the bottle neck is the FG. I have ensured threat detection, application control, IPS, and logging are disabled. However I cannot get this to download more than 220-226 MBPS. I have confirmed with gig switch direct from ISP that I am getting over 900 MPBS and passing traffic fine. 

 

Any ideas what could possible be a miss? 

4 REPLIES 4
Markus_M
Staff
Staff

You might want to check during the traffic test whether the FGT is on a high CPU load.

Also see what kind of traffic this is. If this is traffic decrypted at the FGT as a deep inspected VIP (SSL inspection = protect server) or an IPSec endpoint, this will cause considerable overhead.

 

You can test from the FGT directly with the traffictest command.

This one is described here:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-perform-bandwidth-tests/ta-p/197784...

 

Toshi_Esumi
Esteemed Contributor II

Not sure how much UTM stuff or how many VPNs this 50E is handling. But I'm generally not comfortable putting a full Gig circuit on a 50E, which doesn't have any ASIC chips.

 

Toshi

yz426onnos
New Contributor

So the 50E is running at 16% CPU and is not handling any VPN traffic. All VPN traffic is forwarded to an internal OpenVPN server. 

yz426onnos
New Contributor

bandwidth.png

This is from the provider showing bandwidth. This is a gig connect from them and we cannot get this to go any higher. I know for a fact that we are pushing 300 MBPS to this site.