FortiGate 30E Slow connection via NAT

LOZD · ‎04-18-2024

Hey!

I need some advice from you guys on where to look for the problem.

The network diagram looks like this

WORLD -> FG30E ->2x MikroTik -> 3xESXI 1xNAS

Testing the link from FG -> WAN Using the command diag traffictest run -R -c 45.147.210.189 port 5200 I am getting speeds from 600 to 900 Mbits/sec so let's say its OK

Then I test the connection speed between the FG30E nad Debian Server. I set up iperf3 on a debian server and connect to it from FG30E In this case I get speeds from 916Mb/s to 950Mb/s, so MikroTik switches don't slow down the link

In the last step I make iperf3 from the Debian server to the same address as the test with FG30

I have speeds between 4 and 6 Mbps....

I also tested the speed from a NAS server which is not virtual, the same thing happens...

Where to look for the problem because I have no idea anymore....

AEK · ‎04-18-2024

Hi Lozd

Which FortiOS version?
Do you have any configured traffic shaping policy
Do you notice CPU high load when you perform the test
Can you just try the same test but when disabling all security profiles on the related policy (AV, IPS, Cert inspection, ...)

AEK

LOZD · ‎04-18-2024

Which FortiOS version?
6.2.16

Do you have any configured traffic shaping policy
No

Do you notice CPU high load when you perform the test
Max 8%

Can you just try the same test but when disabling all security profiles on the related policy (AV, IPS, Cert inspection, ...)

I don't have any policies enabled. The device is already unsupported and I ran it in the lab for virtual machine testing

johnathan · ‎04-18-2024

There is a known issue on the 30Es which match that behavior being tracked under Bug ID 729975.
If you can see packet loss while pinging the LAN interface and directly connected, there is a good chance you are hitting this bug. I would open a case with TAC for this.

"Never trust a computer you can't throw out a window."

LOZD · ‎04-18-2024

Packet loss at 2.5% (test was very short)

Unfortunately we have not purchased support for 30E devices we treat them as Lab equipment

johnathan · ‎04-18-2024

You are probably hitting the issue then. Unfortunately there is nothing config-wise that can solve it. I am not sure if you can ask for an RMA without a support contract.

"Never trust a computer you can't throw out a window."

LOZD · ‎04-18-2024

Do you know ? if it is possible to get the serial numbers of the devices on which this problem occurs?

To be honest I have about 20 pieces of 30E maybe I can choose the one that is OK

H_aristizabal · ‎08-07-2024

Unfortunately, there is no way to track this issue using Serial numbers. However, whenever you notice there is a slow response with internet access or to get into the GUI. You can always open a support ticket to track and isolate if is affected by the bug mentioned above.

johnathan · ‎08-09-2024

He mentioned he does not have support. He has packet loss pinging the FortiGate interface directly so we already know he is hitting this issue.

"Never trust a computer you can't throw out a window."

FortiGate 30E Slow connection via NAT

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website