My download speed is 1GBit/s from the provider UPC here in Switzerland.
A PC (paviPC) attached to the providers connect box (CB, a DOCSIS router) gets about 900MBit/s.
This is what I am looking for.
(paviPC <-- CB/p4-CB/cable <-- cnlab speed test server)
I got a Fortigate 40F (FG) to play and connected lan3 (hardware switch) to port 3 of the UPC CB router.
Looking at the specs, the FG-40F should easily handle the 1GBit/s download speed. But it seems not to...
Any PC (elitePC, zoePC, paviPC) connected to lan3 of FG only gets about 130MBit/s download speed max.
(PC <-- FG/lan3<-FG/wan <-- CB/p3<-CB/wan <-- cnlab speed test server)
I do not have any fancy firewall policy enabled.Just plain all/all/all from inside to outside without any UTM features.
Why is this so slow and how can I speed it up?
I test the download speed with the cnlab speedtest application (https://www.cnlab.ch/speedtest) from different PC's (paviPC, zoePC, elitePC).
To check the port speeds, I did several speed tests with iperf3 using FG as a client, connecting to my 3 test PC's via the LAN port (i.e. diag traffictest run -c 192.168.1.204). On the PC's I downloaded iperf3 and started the server session.
Results:
To test the WAN port speed, I used paviPC as an iperf3 client and connected to FG (running the server iperf3 server) via a 1GB switch.
Result:
(same is also possible by using the -R option: diag traffictest run -R -c 192.168.0.50)
I conclude from this that the LAN cabling is not optimal, but far beyond just 120 MBit/s.
The Fortigate 40F is apparently stalling the connections, probably is the cause of the slow download.
I tried different settings on the FG to increase throughput
Nothing I tried so far was bumping the speed above 130 MBit/s.
What else could I try on the FG?
Thanks
Dan
References:
https://fusecommunity.fortinet.com/blogs/yuri1/2020/10/30/fortigate-built-in-iperf-tool-network-diag...
https://community.fortinet.com/t5/Fortinet-Forum/Slow-Internet/m-p/154183?m=164588
https://community.fortinet.com/t5/Fortinet-Forum/diagnose-traffictest/m-p/152702?m=146386
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-perform-bandwidth-tests/ta-p/197784...
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Issue-with-outbound-upload-traffic-s...
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortigate-fortiwifi-40f-series.pdf
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Dan,
Here are few places/ideas to check:
- policy mode: flow/proxy
- utm enabled or disabled in the policy (set utm disable)
- fragmentation: honor-df flag in settings if unnecessary fragmentation seen
- configuration: remove/unset internal switch
Ultimately, consider that the Datasheet values are cummulative, so a 600Mbps Threat protection is likely measured on a multi-thread/multiple ports test, with certain inspection profiles added. Last, but not least, the 40F is a small unit and lacks any dedicated NP processor that may speed up the connection - all traffic is handled by the SoC (CPU).
Thanks Alex, I will try this tonight and give feedback.
So far:
- policy mode is flow
- utm is already disabled
@AlexC-FTNT , I was not able to improve the speed significantly.
As this FG is under support, would it make sense to open a support ticket?
Dan
It makes sense to open a ticket for it so we can keep track of these issues, but it is likely that you will receive a similar reply after some troubleshooting data collected. As I also mentioned above, the speed may be significantly increased (or aproaching datasheet values) by using multiple parallel threads in iperf testing. So this is another test you could run (-P 4 / -P 6...)
Hi dan,
i have the same issue.
did you find a solution please ?
thanks
hi @diditn
in my case it turned out to be a stupid cabling issue. I should have seen that before, but I only catched it when I did the cabling of the whole rack from scratch.
Dan
thanks dan.
i will check the cables with CAT6 and try again.
thank you very much.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1643 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.