Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jimz0r
New Contributor II

Created on ‎08-31-2022 11:59 PM

Iperf to remote server

I have set up an IPERF server on an AWS EC2 instance. I have tested the connection from my computer and I can successfully run an IPERF test from this computer. I know the IPERF server is working and is accessible.

 

My interface is "Fibre1000" which is a sub int of the WAN1 port that is controlling the public IP address.

 

My output of diag traffictest show is:

server-intf: Fibre1000
client-intf: Fibre1000
port: 8000
proto: TCP

 

When I run the test to the server, all I get is:

 

Mayfair_NBN # diagnose traffictest run -c 18.236.138.203
iperf3: error - unable to connect to server: Network is unreachable
iperf3: interrupt - the server has terminated

 

I know the server is running, I have tested and proven that it is running but this fortigate I am trying to bandwidth test simply will not allow me to run a test. I have also attempted to try various public servers and they all show either network is unreachable or Server is busy.

 

Output of a ping test:

Mayfair_NBN # exec ping 18.236.138.203
PING 18.236.138.203 (18.236.138.203): 56 data bytes
64 bytes from 18.236.138.203: icmp_seq=0 ttl=102 time=181.9 ms
64 bytes from 18.236.138.203: icmp_seq=1 ttl=102 time=178.2 ms
64 bytes from 18.236.138.203: icmp_seq=2 ttl=102 time=178.6 ms
64 bytes from 18.236.138.203: icmp_seq=3 ttl=102 time=178.4 ms

 

I have also setup the security group of the EC2 instance to allow connections on port 8000

 

Please help, this is doing my head in.

Labels:
6327
9 REPLIES 9
rosatechnocrat
Contributor II

Created on ‎09-01-2022 12:19 AM Edited on ‎09-01-2022 12:19 AM

Dear Jimz0r,

Seems  port 8000 might not be reachable, Please check and confirm if port 8000 is listening on iperf or confirm which port iperf is running. 

 

You can also refer below for more details. 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-cases-for-diagnose-traffictest-command... 

Rosa Technocrat --

Also on YouTube---

Please do Subscribe
Rosa Technocrat --Also on YouTube---Please do Subscribe
6323
0 Kudos
Jimz0r
New Contributor II
In response to rosatechnocrat

Created on ‎09-01-2022 04:01 PM Edited on ‎09-01-2022 04:02 PM

iperf.PNG

 

I can see your connection attempts. It is definitely listening on port 8000

I have also proven this by testing from another windows machine and the test worked. I don't know why the server did the above but it is definitely LISTENING on poor 8000 haha

 

That link you have provided, is the exact link i followed in order to set it up. It simply isn't working for me.

6313
0 Kudos
aionescu
Staff
Staff

Created on ‎09-01-2022 09:41 AM

Hi @Jimz0r ,

 

Can you please clarify: "My interface is "Fibre1000" which is a sub int of the WAN1 port that is controlling the public IP address."

Do you have a route to 18.236.138.203 via the Fibre1000 interface?

6316
0 Kudos
Jimz0r
New Contributor II
In response to aionescu

Created on ‎09-01-2022 04:01 PM

Does it need a route? I can ping the server fine, I shouldn't need to tell it how to get somewhere when it already knows how to get there..?

6313
0 Kudos
aionescu
Staff
Staff
In response to Jimz0r

Created on ‎09-07-2022 03:47 AM

Hi @Jimz0r , normally when you specify the client/server interfaces it will use that interface to reach the iperf server.  It is expected to have a route via that interface.

6279
0 Kudos
Jimz0r
New Contributor II
In response to aionescu

Created on ‎09-07-2022 02:53 PM

Adding a route did not help :(

6270
0 Kudos
jintrah_FTNT
Staff
Staff

Created on ‎09-07-2022 04:30 AM

Hi,

 

Could you change the port, say 9000 instead of 8000, and test? Port 8000 is used by FSSO and I wonder if it conflicts.

 

best regards,

Jin

6277
0 Kudos
Jimz0r
New Contributor II
In response to jintrah_FTNT

Created on ‎09-07-2022 02:55 PM

Before I posted this I was originally using port 5201 (which is one of the default ports for Iperf. 

 

On both ports 8000 and 5201 a Linux and windows machine could run a test to the server without fault, the Fortigate could not. This issue is something specific to the fortigate. It's not the server.

6270
0 Kudos
aahmadzada
Staff
Staff

Created on ‎09-08-2022 03:14 AM

Hi Jimz0r,

Please share with us the outputs of these commands:
get router info routing-table all
get router info routing-table database



Ahmad
6246
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.