Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ASPCORP
New Contributor

Created on ‎05-05-2015 05:27 AM

FortiGate 40C mbps

We're currently using a fortigate 40c and getting internet from a Tmark fiber connection.

 

If i connect a machine directly to the TMark switch my internet speed is 100mb + , but once i connect thru the fortigate its between 30 and 50.

 

Please help.

ASP TECH
ASP TECH
3991
0 Kudos
4 REPLIES 4
mhe
Contributor II

Created on ‎05-05-2015 06:42 AM

You've reached the Limit of your small box. Switch to flow based AV should help a Little; otherwise you have to disable UTM Features to get more traffic trough you 40c.

 

martin

2507
0 Kudos
ASPCORP
New Contributor

Created on ‎05-15-2015 12:40 PM

We made these changes and still no luck

ASP TECH
ASP TECH
2507
0 Kudos
Dave_Hall
Honored Contributor
In response to ASPCORP

Created on ‎05-16-2015 09:23 AM

Hi Chris.

 

It would help us a lot if you provided more information on how your 40C is setup, such as firmware, whether you have any soft switches setup, have tested for duplex/speed mismatch, CPU/memory usage, tailored UTM features to the traffic (e.g. separate firewall policies covering web traffic, DNS, email traffic, NTP, other, etc.)

 

The specs for the 40C outline the throughput performance limits placed on the 40C with IPS/antivirus features enabled.   While it may be possible that your network has outgrown your 40C, limiting/tailoring the IPS/App control/antivirus policies to the traffic can go a long way.  (E.g. you don't want your fgt's IPS policy scanning for linux/MAC exploits if the traffic is windows-PC based traffic only.)

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Preview file
74 KB
2507
0 Kudos
emnoc
Esteemed Contributor III

Created on ‎05-16-2015 09:50 AM

B4 we thru the FGT40C out, have you double check and port interfaces errors?  I ran FG40C on 100mbps handoffs and didn't see or had any reports.

 

I would run the diag hard commands and look for any interfaces errors 1st and then t-shot based on your findings.

 

e.g

( gain your speed/duplex )

diag hardware  deviceinfo nic wan1

 

If duplex is not full this would be a direct impact to the BW you can push.

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
2507
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.