Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tutek
Contributor

Created on ‎03-12-2025 09:50 AM Edited on ‎03-12-2025 09:51 AM

How to troubleshoot bandwidth spikes

Hi,

I am facing the problem of occurring at similar time intervals (about every 15minutes) saturation of the ssl vpn link to the remote Fortigate device.

The saturated outbound direction traffic reaching 70mbit/sec:

 

Clipboard01.jpg

When I go to Fortiview Destinations with destination network of the remote Fortigate I see that the traffic to this destination is partial about KB/s:

 

Clipboard02.jpg

 

How can I diagnose this, because when these spikes occur it severely drops the performance of this link, ping responses increase from 10ms to about 300ms and users on the remote side of Fortigate can not work normally?

FortiOS is 7.2.11 

 

Greetings

Labels:
451
0 Kudos
2 REPLIES 2
AEK
SuperUser
SuperUser

Created on ‎03-12-2025 11:58 AM

In your case, you may check in the traffic logs, by filtering on your SSL VPN tunnel as source interface (not as destination interface), and try check which sessions have the highest sent bytes (not received bytes) at that times. It should help you find what is causing these spikes.

AEK
AEK
428
0 Kudos
Tutek
Contributor

Created on ‎03-12-2025 02:57 PM Edited on ‎03-12-2025 03:01 PM

There is nothing in the traffic log, because this bandwidth spikes are caused by return traffic (traffic is initiated at remote fortigate users that are connecting to central fortigate where servers are located, then come back ), the return traffic do not need any ipv4 policies, and if there is no policy then there is no traffic logs.

If I set on central fortigate in the traffic logs as source interface 'ssl-vpn-interface' facing remote fortigate, then I see traffic in direction: remote fgt --> central fgt.

Is I choose 'ssl-vpn-interface' as destination, then I see traffic in direction: central fgt ---> remote fgt - but there are here only "Implicit Deny" rules (because as I said in this direction I have no ipv4 policies).

405
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.