Hi everyone, new here in the Forum :)
We have A Fortigate 90D.
When we measure the bandwith with speedtest.net from outside the firewall we get around 700Mbps.
Behind the firewall only 250Mbps and the cpu load goes to 100%. According to the datasheet it should theoretically support up to 3.5Gbps. No matter if Antivirus is activated or not.
I don't want to post the debug.log because of ip-adresses and so on, but I can provide further details if necessary.
Cheers Stephan
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Dear Stephen,
What cause high CPU in diagnose sys top-summary or diagnose sys top.
If it's IPSmonitor, i think you should disable the Application Control and IPS if enabled.
Regards.
The FortiGate 90D supports 275Mbps for IPS/Application control traffic and 35Mbps for AntiVirus traffic (http://fortinet.globalgate.com.ar/pdfs/FortiGate/FortiGate-90D.pdf).
The 3.5Gbps is for firewall only traffic (no security profiles enabled), and only for UDP. TCP will be always be lower than this value but should definitely be higher than 250Mbps.
250Mbps is inline with this if your policy has Application Control/IPS turned on. Can you try disabling all security profiles on the policy and testing again?
Clearly, a throughput figure cannot be independent of applying AV or not.
Besides the 90D being an old model with a relatively weak embedded CPU, can it be the case that your WAN line is using PPPoE and the FGT is decoding it directly? In this case, CPU is the limiting factor. A simple modem in front will do PPPoE in hardware and will raise the throughput substantially.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.