Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
UniMK
New Contributor

Created on ‎03-20-2025 06:00 AM

50% packet loss when using "a connection bridge"

 

Good morning everyone

We are experiencing a strange situation. The following is the scenario.

The user connects via SSL VPN to the head office's fortigate and then, in this connection, with the head office's devices, the packet loss is minimal. However, this SSL VPN connection needs to access a server with an application hosted in a branch office. On this route, the SSL VPN to the head office and from the head office to the branch office has an average packet loss of 50%, sometimes 60%.

Important information: communication between the head office and the branch office is normal, with an acceptable packet loss of only 0.5%.

In short:


User connects via SSL VPN to Fortigate at headquarters
Connection established with headquarters
Packet loss: minimal


User accesses devices at headquarters
Stable connection
Packet loss: minimal


User tries to access server with application at branch office
SSL VPN connection to headquarters
Connection from headquarters to branch office
Packet loss: average of 50%, sometimes 60%

 

Labels:
84
0 Kudos
1 Solution
UniMK
New Contributor

Created on ‎03-24-2025 05:21 AM

I was part of the established connection, but specifically part of the second phase of ipsec, I created the addresses again with the option marked as active static route.
The strange thing is that both Route Lookup and Policy Match return accepted routes and allowed policies.

View solution in original post

34
2 REPLIES 2
UniMK
New Contributor

Created on ‎03-20-2025 06:03 AM Edited on ‎03-20-2025 06:05 AM

Important information

Communication between the head office and the branch is normal
Packet loss: acceptable, only 0.5%

And communication between the head office and the branch is carried out by 3 IPSEC internet links using Aggregated Ipsec

and both equipment, head office and branch, use the fortigate 100f

81
UniMK
New Contributor

Created on ‎03-24-2025 05:21 AM

I was part of the established connection, but specifically part of the second phase of ipsec, I created the addresses again with the option marked as active static route.
The strange thing is that both Route Lookup and Policy Match return accepted routes and allowed policies.

35
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.