How do I give TELNET traffic priority through an IPSEC VPN?

Tracyp · ‎01-27-2015

Hello :)

We have a fortigate 90D running multiple IPSEC vpns. One link is a little slow and keeps causing AS400 (IBM) sessions to drop.

As this uses telnet, how can I prioritise telnet packets through this VPN ?

Thanks

Tracy

Nihas · ‎02-02-2015

As far my understanding there could be many reasons for the slowness over IPsec VPN.

[ul]

Your internet traffic might be on peak

Remote network traffic might be on it's peak.

Remote local network may have slowness problems due to many reasons ( Intermediate devices , broadcast flooding etc)[/ul]

And if you are using an interface based VPN create a seperate policy only with the Telnet service with " Traffic Shaping " options. And put the normal access policies below on that. So atleast you can ensure your telnet traffic is not stuck on traffic queue and it will have priority.

But Still I don't think that it will help you to fix the slowness issue unless you find out the root cause for the slowness issue. :)

Nihas [\b]

emnoc · ‎02-02-2015

I have to agree with nihas, and would even add have you ran any L4 analysis between client and AS400? A opensource tool like tcptrace will provide details on tx/rc retrans, delay,etc.....

www.tcptrace.org/

Once you have any ideal of the traffic statistics, than you can drill in. Also keep in mind you mem=ntion prioritizing telnet over ipsec but how much ipsec do you have at either vrs the available bandwdidth?

I would start by graphing the ipsec tunnels ( hopefully they are ALL interface mode ) and try to look at the available bandwidth and utilization at each ends.

PCNSE

NSE

StrongSwan

mfhilmi · ‎06-22-2016

Hi guys,

maybe I am out of the thread, but could you explain how our FG unit can forward SNA traffic (AS400) in NAT/Route mode?

How do I give TELNET traffic priority through an IPSEC VPN?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website