Hello everyone,
I have the following problem:
Over IPsec VPN, the file transfer to a share is very slow.
We are talking about 1 Mbit/s to about 25 Mbit/s.
The file size is between 500 MB and 5000 MB.
The local breakouts are no problem; I only have the problem via IPsec.
From the outside locations (100F each) it goes to the HQ (FortiVM02).
Each remote site is connected with 1000 Mbit/s synchronously.
All Forti have 7.2.3 in use.
IPsec: they are connected with IKEv2, AES 256 and SHA 521 in both phases, and DH 21 also in both phases.
Hello Christian,
Can you try lowering the proposals to aes128-sha256 and test if there is any change?
Also try disabling replay under the phase 2 configuration and test again.
If there are any UTM profiles enabled on the policies configured for IPsec traffic, try disabling them and then test again.
I have already adjusted the proposal, but it did not bring any improvement.
I have not yet adjusted replay; I will still do that and give you feedback.
I have no UTM active.
I have made the adjustment and deactivated the replay.
It did not bring any improvement.
You can also use the commands in the below KB to troubleshoot speed or bandwidth issues:
This could be caused by payload fragmentation. If the traffic is TCP, try manipulating the TCP-MSS on the firewall policy that matches this traffic. Do this on both sides of the tunnel.
config firewall policy
    edit <policy id>
        set tcp-mss-sender <mss value>
        set tcp-mss-receiver <mss value>
    next
end
I usually test 1300 Bytes for VPN traffic.
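Why a value such as 1300 leaves headroom, as an added example that is not part of the original thread or Fortinet's own code: it computes ESP tunnel-mode overhead per RFC 4303 for the SHA-512 and SHA-256 proposals mentioned above. It assumes IPv4 without options, a 1500-byte outer MTU and AES in CBC mode; the function and table names are made up for this sketch.

```python
# Added example: ESP tunnel-mode overhead (RFC 4303), IPv4, no IP options.
# Names below are labels chosen for this sketch, not FortiOS keywords.
CIPHER = {"aes-cbc": (16, 16)}       # name -> (IV bytes, block bytes); key size does not matter
ICV = {"sha256": 16, "sha512": 32}   # HMAC-SHA-256-128 / HMAC-SHA-512-256 (RFC 4868)


def esp_packet_size(inner_len, auth, cipher="aes-cbc", nat_t=False):
    """Bytes on the wire for one inner IPv4 packet after ESP tunnel-mode encapsulation."""
    iv, block = CIPHER[cipher]
    # ESP trailer adds pad-length (1) and next-header (1); the plaintext is
    # then padded up to a multiple of the cipher block size.
    plaintext = inner_len + 2
    padded = -(-plaintext // block) * block
    outer_ip = 20
    udp = 8 if nat_t else 0          # UDP/4500 encapsulation when NAT-T is in use
    esp_hdr = 8                      # SPI (4) + sequence number (4)
    return outer_ip + udp + esp_hdr + iv + padded + ICV[auth]


def max_tcp_mss(outer_mtu, auth, cipher="aes-cbc", nat_t=False):
    """Largest TCP MSS whose full-size segment fits outer_mtu unfragmented."""
    inner = outer_mtu
    while esp_packet_size(inner, auth, cipher, nat_t) > outer_mtu:
        inner -= 1
    return inner - 20 - 20           # inner IPv4 header + TCP header


if __name__ == "__main__":
    for auth in ("sha512", "sha256"):
        for nat_t in (False, True):
            mss = max_tcp_mss(1500, auth, nat_t=nat_t)
            print(f"{auth:7} nat_t={nat_t!s:5} max MSS={mss} "
                  f"headroom at 1300={mss - 1300}")
```

If full-size segments already fit under these limits, clamping MSS will not change throughput and the bottleneck is elsewhere on the path.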
Unfortunately I have not yet been able to achieve a need pairs increase.
With an iPerf test I get around 110-150 Mbps. UDP is no problem; I get 850-980 Mbps.
Do you have any info?
I have the same problem.
I have found the problem.
It was on the switches: LACP was set up but only used one interface, so there was performance degradation.