Fortigate IPSec traffic issue

1mm · ‎09-14-2023

Hello,

We have 2 virtual fortigates - one is deployed in Azure environment, second in our local datacenter on ESXi infrastructure. On these 2 fortigates we have installed trial licenses (provided by vendor). We have configured IPsec over GRE between these 2 fortigates. Connection is stable but speed is very low, maximum in peak was 15 mbp\s. Not sure there is the problem..

spoojary · ‎09-14-2023

Use the following doc to troubleshoot : https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-troubleshoot-speed-or-bandwid...

Siddhanth Poojary

xshkurti · ‎09-14-2023

@1mm try to force nat-t under ipsec phase1 config
Technical Tip: IPSec VPN nattraversal - Fortinet Community

v_ceban · ‎09-14-2023

I would suggest setting up a lower TCP-MSS ~ 1350 for both directions .
This is recommended for IPsec tunnels on FGTs hosted in Azure Cloud

https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/255100/ipsec-vpn-to-azure-with-virtual-...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518

Vladislav Ceban

1mm · ‎09-15-2023

Thanks for your replies,

I have one question, can it be referred to trial license? Are there any limitation of trial licenses provided by vendor?

maulishshah · ‎09-15-2023

@1mm , Based on my knowledge, we do not impose any resource limitations for trial licenses.

Maulish Shah