FortiGate introducing Latency in Packet Flow
Hi,
We have a 4201F in HA integrated with ACI. We see that traceroute is adding 20ms when the trace lands on the FortiGate IP.
Looking for opinions to minimize it.
Thanks
Are you able to elaborate a bit more on 'ACI' in this context?
What do you have enabled on the policies for this traffic?
What is the latency from the client to the FortiGate, and from the FortiGate to the server?
Apologies, can't draw it properly due to a tight schedule. As we can see in the diagram below, as soon as the trace lands on the FortiGate, the response time jumps to 35.398ms. The 8th hop is the FortiGate incoming interface for this connection.
Can you post the configuration of the particular firewall policy that matches this traffic?
The firewall policy is allowing all, with no security controls applied:

    config firewall policy
        edit 6
            set name "Primary>DR"
            set uuid afcf94c4-6f4e-51ef-4a4b-866241348179
            set srcintf "FW_Impct_L3_Out"
            set dstintf "FW_Impact_L3_IN"
            set action accept
            set srcaddr "172.20.14.0/25" "172.20.10.128/25"
            set dstaddr "172.24.5.0/25" "172.24.4.128/25"
            set schedule "always"
            set service "ALL"
            set logtraffic all
        next
    end
Hello,
Please collect a packet capture (Wireshark) on the firewall and on the source and destination to see the traffic flow.
I had a similar case about 3 months ago, when I upgraded my FortiGate 60F from version 7.2.4 to 7.2.7. The avg. response time jumped from 1ms to 50ms (in the local network). Even Fortinet support had trouble finding what the issue was; we tried a firmware upgrade as our last resort. The upgrade solved the issue, but we couldn't conclude what the problem was.