Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
YHC
New Contributor III

Created on ‎12-20-2023 12:51 AM Edited on ‎02-26-2024 05:21 AM By Community Manager

Inter VLAN routing

Hi everyone,

 

I have a Fortigate 30E and zyxel GS1900 switch in my office.

We have two VLANs and the routing is 'Router on a Stick' mode.

Recently we found the inter-VLAN is slower than speed inside the same VLAN.

Here are our test results using iPerf3 (using NAS as the iPerf server to do speed test)

 

  1. From PC in VLAN3 to NAS in VLAN3: 950M
  2. From PC in VLAN1(wired) to NAS in VLAN3: 550M
  3. From PC in VLAN1(WiFi) to NAS in VLAN3: 350M

We are wondering it is a routing problem.   Could you please advise what we can do to improve the inter-VLAN connection speed?

Thank you.

Labels:
1106
0 Kudos
1 Solution
ebilcari
Staff
Staff
In response to YHC

Created on ‎12-22-2023 01:22 AM

The link aggregation may help to increase the throughput in case you don't apply any security feature for that traffic. For the Fortigate model you can refer to this matrix and choose one of the new models that have support for "Virtual Hardware Switch".

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

1006
7 REPLIES 7
ebilcari
Staff
Staff

Created on ‎12-20-2023 01:08 AM

Same VLAN communication is done through the switch that usually works in wire speed so it can not be compared directly. Since you are using an entry level of the FGT family I guess you are reaching its limits. Kindly refer to the Datasheet of this product to have a better understanding of the capabilities of this model and the features that may have been enabled that may affect the overall throughput. This doesn't look like a routing problem.

Regarding the point 3 that should be investigated on the WiFi part and the connection speed of the end host.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
1096
YHC
New Contributor III
In response to ebilcari

Created on ‎12-20-2023 08:26 AM

Thanks ebilcari.

Actually VLAN1 is the default 'hardware switch' lan.  And our VLAN3 is attached to the 'hardware switch' lan.  See below screen shots. 

Will it be helpful (increase connection speed) by attaching VLAN3 to wan interface? 

Or will it be helpful if I use link aggregation to connect Fortigate and our GS1900 switch (making the stick b)?

 

If both above will not work, could you advise us what model of Fortigate should we use to improve the inter-VLAN speed?

Thank you.

 
 

截圖 2023-12-21 00.18.25.png

1041
0 Kudos
ebilcari
Staff
Staff
In response to YHC

Created on ‎12-22-2023 01:22 AM

The link aggregation may help to increase the throughput in case you don't apply any security feature for that traffic. For the Fortigate model you can refer to this matrix and choose one of the new models that have support for "Virtual Hardware Switch".

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
1007
YHC
New Contributor III
In response to ebilcari

Created on ‎12-22-2023 02:13 AM

Thank you for the repy.

I have further questions.

When creating VLANs, will there be any differences attaching the VLAN to different interfaces (wan interface or lan interface)?

Thank you.

985
0 Kudos
ebilcari
Staff
Staff
In response to YHC

Created on ‎12-22-2023 04:42 AM

The VLAN can be created under interfaces but remember that it will function as a sub interface not as VLAN spanning. Kindly refer to this article that shows many types of configurations and the use cases.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
972
0 Kudos
marcoperson_250
New Contributor II
In response to ebilcari

Created on ‎12-22-2023 01:48 AM

I have the same problem thank you for these valuable insights.

998
AEK
SuperUser
SuperUser

Created on ‎12-20-2023 05:44 AM

You can try remove all security profiles from the related policy and redo the test.

AEK
AEK
1062
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.