Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
CCST
New Contributor

Slow internet speed through FWF30E

Our customer got an upgrade from their ISP and with that a new modem. Now the internet speedtests show 3 mbps down and 10 up. If we plug a computer directly to the modem, we get 100 mbps down and 10 up.

 

One strange thing is that if we use the ISP's own speedtest, we get around 60 mbps down and 10 up through the Fortigate. We have spoken to the ISP and they claim the fault is in our equipment. I have checked the wan port and there is no custom MTU settings applied. Speed of wan interface is 1000 mbps and full duplex.

 

Description Marvell NETA Gigabit Ethernet driver 00000010
System_Device_Name wan
Current_HWaddr 70:4c:a5:22:11:61
Permanent_HWaddr 70:4c:a5:22:11:61
State up
Link up
Speed 1000
Duplex full
Rx_Packets 26878
Tx_Packets 24300
Rx_Bytes 19236130
Tx_Bytes 8121040

 

if=wan family=00 type=1 index=4 mtu=1500 link=0 master=0
ref=146 state=off start fw_flags=0 flags=up broadcast run allmulti multicast
Qdisc=mq hw_addr=70:4c:a5:22:11:61 broadcast_addr=ff:ff:ff:ff:ff:ff
stat: rxp=28972 txp=26276 rxb=20229781 txb=8594900 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=146

10 REPLIES 10
nageentaj
Staff
Staff

Hi Team,

Could you confirm the CPU  and memory utilization you are seeing on gui.

Could you please create a plain firewall policy for a single machine, keep the policy above all the rules and test the speed.

Also please execute the below commands to check if there are any drops at interface level

#diag hardware device info port name

#fnsysctl ifconfig  wanport

#get system performance status

#diag sys top

Also, let us know if you have configured any traffic shaping policy

CCST
New Contributor

I don't think there are any big bandwidth consumers on the network. The test results are very consistent. There are no traffic shapers being applied.

 

wan Link encap:Ethernet HWaddr 70:4C:A5:22:11:61
inet addr:62.16.163.116 Bcast:62.16.163.255 Mask:255.255.255.0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:1401626 errors:0 dropped:0 overruns:0 frame:0
TX packets:883533 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:1578368022 (1.5 GB) TX bytes:191556583 (182.7 MB)
Interrupt:194

 

CPU states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU0 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU1 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
Memory: 1030440k total, 415892k used (40.4%), 602084k free (58.4%), 12464k freeable (1.2%)
Average network usage: 300 / 297 kbps in 1 minute, 652 / 665 kbps in 10 minutes, 621 / 413 kbps in 30 minutes
Average sessions: 318 sessions in 1 minute, 274 sessions in 10 minutes, 299 sessions in 30 minutes
Average session setup rate: 1 sessions per second in last 1 minute, 1 sessions per second in last 10 minutes, 0 sessions per second in last 30 minutes
Virus caught: 0 total in 1 minute
IPS attacks blocked: 0 total in 1 minute
Uptime: 0 days, 8 hours, 38 minutes

 

Run Time: 0 days, 8 hours and 39 minutes
0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 1006T, 585F
httpsd 405 S 0.9 1.8
dnsproxy 239 S 0.4 3.9
cw_wtpd 245 S 0.4 1.6
httpsd 1447 S 0.4 1.4
newcli 1468 R 0.4 0.5
cmdbsvr 104 S 0.0 2.4
pyfcgid 1173 S 0.0 2.2
pyfcgid 1177 S 0.0 1.9
sslvpnd 221 S 0.0 1.8
httpsd 209 S 0.0 1.8
cw_acd 242 S 0.0 1.8
httpsd 281 S 0.0 1.8
miglogd 207 S 0.0 1.7
httpsd 1453 S 0.0 1.5
pyfcgid 1175 S 0.0 1.5
pyfcgid 1176 S 0.0 1.5
forticron 216 S 0.0 1.3
httpsd 1465 S 0.0 1.3
fgfmd 241 S 0.0 1.1
httpsd 1466 S 0.0 1.1

Muhammad_Haiqal

Hi CCST,

 

Please make sure your testing is as below:

PC <<>> Fortigate <<>> Modem ISP

Means, the testing is between this 3 devices only. No switch, no Access point.
1 PC direct connect to the Fortigate and run the speed test again.

Make sure Policy IPv4 did not enable with any security profiles.

Please let me know your finding so we can proceed further.

haiqal
CCST

I will try that later when I am on-site.

 

However I can monitor bandwidth usage in FortiView. I have monitored WAN for idle periods and then ran a speedtest from local server. I then see that the test consumes about 3 Mbps of bandwidth and after the test completes, the WAN interface is again idle. This to me indicates that there is nothing else fighting for the available bandwidth.

 

Remaining suspects are a broken cable between modem and FGT or perhaps a loop or something else creating network noise, but then I would have expected it to show up on interface statistics. There is also the fact that test speed is much better when using ISP's own speedtest.

 

I will update after on-site visit.

Muhammad_Haiqal

Hi CCST,
Yes, broken cable, loop, can lead to your issue too.
The best way is to minimize possibilities and connect direct to the Fortigate.
Hope to have your finding soon. :)

haiqal
CCST

I just got the results from disconnecting everything from the FGT:

 

Directly connected to modemInOut
speedtest.net10510
fast.com100 
broadbandspeedchecker.co.uk10010

 

Through FGT, only 1 PCInOut
broadbandspeedchecker.co.uk67,0010
speedtest.net3,0010
google54,0010
speed.io2,3010
openspeedtest.com66,0010
bredbånd.no1,8010

 

What could be causing these very differing results through the FGT?

Muhammad_Haiqal

Hi CCST,
Thank you for the update.

Some speedtest website use javascript and do simultaneous download and not really accurate. I would suggest to use HTML5 speedtest like openspeedtest.com .
May i know, are you using PPPOE or static ip on the FortiGate.
I can see you are using model FWF30E. If you are using PPPOE, please consider to use static IP. Lower end model basically did not have enough capability to handle PPPOE for high bandwidth.

haiqal
CCST

It is a dynamically assigned IP from the ISP (no NAT). It is not PPPOE.

Muhammad_Haiqal

Hi CSST,
I wish you can get a proper support on this.  Do you mind to call Fortinet support?
Here is Fortinet hotline: number: https://www.fortinet.com/support/contact.html

Hope your case can be solve soonest.

haiqal