Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
andrei123
New Contributor

Throughput problem with FGT 60D and PPPoE connection

The unit is set up with FortiOS 5.2.2 and has the wan1 port connected to the ISP with PPPoE (1Gb subscription).

If I connect the laptop or computer directly with PPPoE to the ISP I get ~800 Mb throughput (tested with speedtest, ISP's own speedtest and torrents). When I connect the Fortigate unit the throughput is capped at ~190 Mb (~140 with 5.2.5) and the unit stops responding (CPU 100%).

I tried the following configurations:

- internal lan in switch mode or in interface mode (hardware switch)

- tried with firmwares 5.0.10 and 5.2.1

The MTU for the PPPoE is 1492 so I also tried with mtu-overrride 1492 and still the same

The unit behaves the same in every situation high cpu and capped througput.

All the UTM features are turned off. All the tests are done with the basic configuration, just a policy from internal to wan1..

Also another strange thing is that when I test with the download limited ~100Mb so that the unit doesn't completely freeze I can see from the top command that the CPU is 50% hogged by the system, however there is no process in the list with that high of a load (if you add all the processes they add up to max 10%).

Any ideas would be greatly appreciated ..

 

I also noticed that the traffic is not going through the NP4Lite so I guess the 'Supports firewall acceleration across all packet sizes for maximum throughput' on the FGT 60D spec sheet on Fortinet website might be false advertising.

 

Update: There is no way that I found for a 60D  to reach gigabit speeds on PPPoE connection. Max throughput is 140 Mb.

A workaround is to have another router in front of the 60D to do the PPPoe connection ( i got a Ubiquiti Edgemax Lite router for 100E that works amazing)

 

Best regards,

Andrei

 

 

 

1 Solution
freb
New Contributor

I had the same issue with the 60d and gigabit internet with PPPOE. I never found a good solution, so I decided to upgrade. After weighing my options, sticking with an upgraded Fortigate seemed like the best bet (as opposed to going with a PFSense box, which would probably have been at least as expensive, or a Ubiquity EdgeRouter). My only question was would the 60e be able to handle the traffic.

 

I ended up going with the 80e for the extra ports, but the 60e should perform similarly. And yes, this device can more than handle PPPOE encapsulation and hit gigabit speeds without coming close to maxing out.

 

Hope that helps anyone considering an upgrade but not wanting to because they don't know if it will solve their bottleneck.

View solution in original post

43 REPLIES 43
Ingo__T

Looks like for the Vigor 165 exist to modes

 

https://www.draytek.com/support/knowledge-base/5705

 

Bridge Mode and Full Bridge Mode

Use Bridge Mode if you don't VLANs, use Full Bride Mode when you have.

 

I have VLAN 7, currently set in the router so i can replace the modem without configuration.

 

I have here a second backup "modem", an Speedport Smart 3 where you can't set anything, simple switch to modem mode.

 

I think, the PPPoE traffic with 250/40 will be handled easy, even it will be CPU bounded. And for the internal traffic i think, i have more to deal with the UTM functionality what to use to get the 1Gbit linespeed. The FW policies and VLAN segmentation should be handled by the SoC so here I don't see performance problem.

 

Thanks for the input.

Heaven_Knows

This topic may be too old

 

But today i face  the same problem, my internet line is 300Mbps upload/download , I use pppoe on 60D wan interface, and the max download/upload speed is only around 140-150Mbps, if i turn off all utm features, it reachs 180mbps.

So i have to use ISP modem to dial pppoe and assign static ip to 60d wan interface, this is the only way to solve the problem.  This model is too old and it's a entry class product. Please upgrade to E or F version . I have another 100F and can pppoe at 500Mbps  without any problem.

 

 

 

 

 

 

Thomas1

Hi

Same problem for me with 90D and ALCATEL or HUAWEI ONT

The brandwith between PPOE session and interface is limit to 200Mbps

 

Anyone have test to config the PPOE session in the Orange ONT ?

I think that you we can configure the ONT in transparent mode.

shuri
New Contributor

Hi Andrei,

 

I have A FG60D with version 6.0.11 and PPoE, and it's work like a charm for speed. Maybe consider to update ?

 

https://docs.fortinet.com...es/760203/introduction