Hi.
I need to test the MPLS bandwidth. For this I am using diagnose traffic test. On the FortiGate 100E and 200E the test went well, but when I tried from a FortiGate 60E or 40F the test failed.
When I execute "diag traffic -c x.x.x.x"
How can I use traffictest when the interface name is "internalX" and not "portX"??
My understanding based on this KB is that "diag traffictest" runs an iperf test between an ingress port and an egress port, inside of the FGT. It doesn't test against a circuit.
https://kb.fortinet.com/kb/documentLink.do?externalID=FD45599
What you need in order to test a circuit terminated at a FGT is a pair of iperf servers, one located on the other end of the circuit and one behind the FGT, then test the performance of anything in between, which is difficult to do if you can't place anything inside of the MPLS provider's network behind the PE.
By the way, I don't see the "-c" option under diag traffictest. Maybe you're talking about a different command?
xxx-fg1(6.2.6) # diag traffictest ?
show           Traffic settings show
run            Start traffic.
server-intf    Server interface.
client-intf    Client interface.
port           TCP or UDP port number (0 - 65535).
proto          0 for TCP or 1 for UDP (default = 0).
Hi Toshi.
It is possible to use diag traffictest between a FortiGate and a remote desktop with iperf as the server.
I used it and had success.
I tested with the way Ken suggested, and with iperf3 server-side (meaning not client-side) running on a Fedora machine. I was remotely operating it, but the remote access didn't use the test path (out of band).
Still that path, just a cable, showed only half of the interface speed, while the server to another server showed close to full speed.
If you set up the environment carefully, you should be able to do the same to see what kind of number you can get.
Just for the reference and for anyone who happens to be banned by Google :) :
https://kb.fortinet.com/kb/documentLink.do?externalID=FD45599
https://yurisk.info/2020/01/24/fortigate-iperf-traffic-test-built-in-client-cli/
https://weberblog.net/iperf3-on-a-fortigate/
https://www.infosecmonkey.com/2020/05/14/built-in-iperf-on-the-fortigate-firewall/
Thanks Yuri for sharing. I didn't pay attention to CPU usage.
I didn't read the KB entirely.
#diag traffictest run -c 89.84.1.222 was described. So you're saying changing client-interface name doesn't work?
#diag traffictest client-intf interface_name
I see what you're seeing. When I tried it on a 60E, it says:
Can not find interface:port1
I need to wait to see what others have to say about it too, or open a ticket with TAC.
You have to set both a server and client interface or else it defaults to port1
So you're saying to test with an external iperf server, the FGT model needs to have "port1" like upper models (3 digit models or higher)?