Having trouble here, we have a gig internet connection, I am pushing 300 MBPS from our remote sites back to our office and seems the bottle neck is the FG. I have ensured threat detection, application control, IPS, and logging are disabled. However I cannot get this to download more than 220-226 MBPS. I have confirmed with gig switch direct from ISP that I am getting over 900 MPBS and passing traffic fine.
Any ideas what could possible be a miss?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You might want to check during the traffic test whether the FGT is on a high CPU load.
Also see what kind of traffic this is. If this is traffic decrypted at the FGT as a deep inspected VIP (SSL inspection = protect server) or an IPSec endpoint, this will cause considerable overhead.
You can test from the FGT directly with the traffictest command.
This one is described here:
Not sure how much UTM stuff or how many VPNs this 50E is handling. But I'm generally not comfortable putting a full Gig circuit on a 50E, which doesn't have any ASIC chips.
Toshi
So the 50E is running at 16% CPU and is not handling any VPN traffic. All VPN traffic is forwarded to an internal OpenVPN server.
This is from the provider showing bandwidth. This is a gig connect from them and we cannot get this to go any higher. I know for a fact that we are pushing 300 MBPS to this site.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.