Hi,
We are having 4201F in HA integrated with ACI. We see that traceroute is adding 20ms when trace land on FortiGate IP.
Looking for opinions to minimize it.
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Are you able to elaborate a bit more on 'ACI' in this context?
What do you have enabled on the policies for this traffic?
What is the latency from the client to the FortiGate, and from the FortiGate to the server?
Appologies, Can't draw it properly due to tight schedule. As we can see in the diagram below as soon as the trace lands on Fortigate response time jumpe to 35.398ms. 8th hope is FortiGate incoming Interface for this connection.
Can you post the configuration of the particular firewall policy that matches this traffic ?
Firewall Policy is allowing all with no security Controls applied
config firewall policy
edit 6
set name "Primary>DR"
set uuid afcf94c4-6f4e-51ef-4a4b-866241348179
set srcintf "FW_Impct_L3_Out"
set dstintf "FW_Impact_L3_IN"
set action accept
set srcaddr "172.20.14.0/25" "172.20.10.128/25"
set dstaddr "172.24.5.0/25" "172.24.4.128/25"
set schedule "always"
set service "ALL"
set logtraffic all
next
end
Hello
Please collect packet capture (Wireshark) on Firewall and source and destination to see the traffic flow
I had a similar case about 3 months ago, when I upgraded my fortigate 60f from 7.2.4 to 7.2.7 version. avg. response time jumped from 1ms to 50ms (in local network). Even fortinet support had trouble finding what was an issue, we tried firmware upgrade as our last resort. Upgrade solved the issue but we couldn't conclude what was the problem.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.