Fortinet Forum
Tracyp
New Contributor

How do I give TELNET traffic priority through an IPSEC VPN?

Hello :)

We have a FortiGate 90D running multiple IPsec VPNs. One link is a little slow and keeps causing AS400 (IBM) sessions to drop.

As this uses telnet, how can I prioritise telnet packets through this VPN?

 

Thanks

Tracy

3 REPLIES
Nihas
New Contributor

As far as my understanding goes, there could be many reasons for the slowness over the IPsec VPN.

  • Your internet traffic might be at its peak.
  • Remote network traffic might be at its peak.
  • The remote local network may have slowness problems due to many reasons (intermediate devices, broadcast flooding, etc.)

And if you are using an interface-based VPN, create a separate policy with only the Telnet service and the "Traffic Shaping" options. And put the normal access policies below that. So at least you can ensure your telnet traffic is not stuck in the traffic queue and it will have priority.

But still, I don't think that it will help you fix the slowness issue unless you find out the root cause of the slowness issue. :)

Nihas
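
The policy layout described in the reply above, sketched as FortiOS CLI for firmware where a shaper is attached directly to the firewall policy (an added example, not part of the original thread and not Fortinet's own configuration). The shaper name, interface names, address objects, policy IDs and bandwidth figures are constructed placeholders, policy 10 is assumed to be the existing general VPN policy, and the `#` lines are annotations.

```fortios
# Added example. All names, IDs and numbers below are constructed placeholders.
config firewall shaper traffic-shaper
    edit "telnet-high"
        # Put matching traffic in the high-priority queue
        set priority high
        # Reserve a floor for the AS400 sessions and cap the ceiling;
        # check which bandwidth unit your firmware version uses
        set guaranteed-bandwidth 128
        set maximum-bandwidth 512
    next
end

config firewall policy
    edit 20
        # Telnet-only policy towards the interface-mode tunnel
        set srcintf "internal"
        set dstintf "vpn-as400"
        set srcaddr "lan-clients"
        set dstaddr "as400-host"
        set action accept
        set schedule "always"
        set service "TELNET"
        # Shape both directions of the session
        set traffic-shaper "telnet-high"
        set traffic-shaper-reverse "telnet-high"
    next
    # Policies are matched top-down: keep the Telnet policy above the
    # general access policy (assumed to be ID 10) so it is hit first
    move 20 before 10
end
```

Shaping only reorders packets already queued on this unit; it does not recover capacity lost upstream of the tunnel.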
emnoc
Esteemed Contributor III

I have to agree with Nihas, and would even add: have you run any L4 analysis between the client and the AS400? An open-source tool like tcptrace will provide details on tx/rx retrans, delay, etc.

www.tcptrace.org/

Once you have an idea of the traffic statistics, then you can drill in. Also keep in mind you mention prioritizing telnet over IPsec, but how much IPsec do you have at either end vs. the available bandwidth?

I would start by graphing the IPsec tunnels (hopefully they are ALL interface mode) and try to look at the available bandwidth and utilization at each end.

PCNSE

NSE

StrongSwan

mfhilmi
New Contributor

Hi guys,

maybe I am out of the thread, but could you explain how our FG unit can forward SNA traffic (AS400) in NAT/Route mode?