Hi ,
WE have two fortigate , ine is 201E datacenter and one is 80E . We have IPsec tunnel between these locations . Everything works fine except 2 application which are database application located in datacenter. File transfer is 20 times faster than these apps . I tested file transfer from same server in datacenter to same desktop from branch. There was no speed issue but when we try to use apps , it is so slow . Same apps are working fine in datacenter . We have 100 meg speed at branch .
There is no security profiles on both sides . Everything else are working fine , so any suggestion ?
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I would look at tcp.mss value and adjust iaw with the path-mtu.
Ken Felix
PCNSE
NSE
StrongSwan
Hi ,
Thanks for suggestion , but we do not have any problem when we try to make file transfer like 500Gb , it takes only second . If it is tcp.mss issue , should it be problem for every transaction not only for specific two apps ?
Thanks
No
Each session and maybe that client/server app uses or try to use a tcp mss value that's not supported over the ipsec tunnel
Doing a path or adjust the value to 1420 and retest.
i.e ( cli only per policyid )
set tcp-mss-sender 1420 set tcp-mss-receiver 1420 https://forum.fortinet.com/tm.aspx?m=161526 Ken Felix
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.