Hi,
I am facing the problem of occurring at similar time intervals (about every 15minutes) saturation of the ssl vpn link to the remote Fortigate device.
The saturated outbound direction traffic reaching 70mbit/sec:
When I go to Fortiview Destinations with destination network of the remote Fortigate I see that the traffic to this destination is partial about KB/s:
How can I diagnose this, because when these spikes occur it severely drops the performance of this link, ping responses increase from 10ms to about 300ms and users on the remote side of Fortigate can not work normally?
FortiOS is 7.2.11
Greetings
In your case, you may check in the traffic logs, by filtering on your SSL VPN tunnel as source interface (not as destination interface), and try check which sessions have the highest sent bytes (not received bytes) at that times. It should help you find what is causing these spikes.
There is nothing in the traffic log, because this bandwidth spikes are caused by return traffic (traffic is initiated at remote fortigate users that are connecting to central fortigate where servers are located, then come back ), the return traffic do not need any ipv4 policies, and if there is no policy then there is no traffic logs.
If I set on central fortigate in the traffic logs as source interface 'ssl-vpn-interface' facing remote fortigate, then I see traffic in direction: remote fgt --> central fgt.
Is I choose 'ssl-vpn-interface' as destination, then I see traffic in direction: central fgt ---> remote fgt - but there are here only "Implicit Deny" rules (because as I said in this direction I have no ipv4 policies).
User | Count |
---|---|
2551 | |
1356 | |
795 | |
646 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.