Hi guys,
as subject, if in the datasheet says 1G firewall throughput, how we know the current throughput has been use by fortigate?
can we calculate from the CPU and memory usage? if yes how to calculate?
Thanks for your reply ..
Regards
OMYN
Technical Consultant | Indonesia CCNP Security, Fortinet NSE
Hey,
"get system performance status" should give you a good starting point!
FW_1 (global) # get system performance status CPU states: 6% user 9% system 0% nice 85% idle CPU0 states: 5% user 10% system 0% nice 85% idle CPU1 states: 5% user 11% system 0% nice 84% idle CPU2 states: 6% user 10% system 0% nice 84% idle CPU3 states: 10% user 6% system 0% nice 84% idle Memory states: 70% used Average network usage: 117261 kbps in 1 minute, 63268 kbps in 10 minutes, 101557 kbps in 30 minutes Average sessions: 17163 sessions in 1 minute, 16617 sessions in 10 minutes, 17018 sessions in 30 minutes Average session setup rate: 128 sessions per second in last 1 minute, 134 sessions per second in last 10 minutes, 140 sessions per second in last 30 minutes Virus caught: 0 total in 1 minute IPS attacks blocked: 0 total in 1 minute Uptime: 228 days, 16 hours, 17 minutes
you can use the command : get system performance status
OMYN
Technical Consultant | Indonesia CCNP Security, Fortinet NSE
Hello,
Someone have the answer ?
i have the same question about the throuput.
with the command 'get system performance status' you have the 'Average network usage'.
Is it the rx and tx values display in Average network usage ?
To get the throuput as the datasheet, we need to add up tx and rx ?
Thanks in advance.
In addition to the previous solutions, you can refer to a chart showing interface bandwidth.
To create based on FortiOS 6.09:
Click Dashboard / Main / Add Widget (icon bottom right corner of page) / Monitor / Interface Bandwidth / Select interface from dropdown / Add Widget.
This will add the Widget to the Dashboard / Main page usually at the bottom of the page.
You can then change the time frame of the graph to 1 Hr. / 24 Hrs. / 1 Week
You can add multiple charts one for each interface that you wish to monitor.
Hi,
If you would like to get a proper throughput of the FortiGate or any device. The best test would be to run an IPerf test as you want to check if that matches to the datasheet or not. Also, as SecurityPlus mentioned you can add a widget in order to check it on the FortiGate.
Also, you can filter the session out by the source and check the sent and received bytes in the sessions for particular source and destination:
# diag sys session filter src <source IP Address>
# diag sys session filter dst <dest IP Address>
# diag sys session list
This will show you information regarding that session and the amount of data passed through the FortiGate for that session.
Hopefully this helps,
Patel
FYI there's an inbuilt ifperf tester in the FGT
https://kb.fortinet.com/kb/documentLink.do?externalID=FD45599
@neonbit, thank you for the info. I almost jumped out of my chair. I didn't know they implemented it with 5.6. Although this would work for the case in question, I was hoping this can be set between two FGTs; one server and one client like over an IPSec tunnel. Apparently it's only for inside of one FGT from ingress interface to egress interface. I don't know why they had to limit the feature, otherwise It could have been tremendously helpful and giving a competitive edge against competitors. I sat back down the chair.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.