Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tutek
Contributor

How to troubleshoot bandwidth spikes

Hi,

I am facing the problem of occurring at similar time intervals (about every 15minutes) saturation of the ssl vpn link to the remote Fortigate device.

The saturated outbound direction traffic reaching 70mbit/sec:

 

Clipboard01.jpg

When I go to Fortiview Destinations with destination network of the remote Fortigate I see that the traffic to this destination is partial about KB/s:

 

Clipboard02.jpg

 

How can I diagnose this, because when these spikes occur it severely drops the performance of this link, ping responses increase from 10ms to about 300ms and users on the remote side of Fortigate can not work normally?

FortiOS is 7.2.11 

 

Greetings

2 REPLIES 2
AEK
SuperUser
SuperUser

In your case, you may check in the traffic logs, by filtering on your SSL VPN tunnel as source interface (not as destination interface), and try check which sessions have the highest sent bytes (not received bytes) at that times. It should help you find what is causing these spikes.

AEK
AEK
Tutek
Contributor

There is nothing in the traffic log, because this bandwidth spikes are caused by return traffic (traffic is initiated at remote fortigate users that are connecting to central fortigate where servers are located, then come back ), the return traffic do not need any ipv4 policies, and if there is no policy then there is no traffic logs.

If I set on central fortigate in the traffic logs as source interface 'ssl-vpn-interface' facing remote fortigate, then I see traffic in direction: remote fgt --> central fgt.

Is I choose 'ssl-vpn-interface' as destination, then I see traffic in direction: central fgt ---> remote fgt - but there are here only "Implicit Deny" rules (because as I said in this direction I have no ipv4 policies).

Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors