Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jimz0r
New Contributor II

Iperf to remote server

I have set up an IPERF server on an AWS EC2 instance. I have tested the connection from my computer and I can successfully run an IPERF test from this computer. I know the IPERF server is working and is accessible.

 

My interface is "Fibre1000" which is a sub int of the WAN1 port that is controlling the public IP address.

 

My output of diag traffictest show is:

server-intf: Fibre1000
client-intf: Fibre1000
port: 8000
proto: TCP

 

When I run the test to the server, all I get is:

 

Mayfair_NBN # diagnose traffictest run -c 18.236.138.203
iperf3: error - unable to connect to server: Network is unreachable
iperf3: interrupt - the server has terminated

 

I know the server is running, I have tested and proven that it is running but this fortigate I am trying to bandwidth test simply will not allow me to run a test. I have also attempted to try various public servers and they all show either network is unreachable or Server is busy.

 

Output of a ping test:

Mayfair_NBN # exec ping 18.236.138.203
PING 18.236.138.203 (18.236.138.203): 56 data bytes
64 bytes from 18.236.138.203: icmp_seq=0 ttl=102 time=181.9 ms
64 bytes from 18.236.138.203: icmp_seq=1 ttl=102 time=178.2 ms
64 bytes from 18.236.138.203: icmp_seq=2 ttl=102 time=178.6 ms
64 bytes from 18.236.138.203: icmp_seq=3 ttl=102 time=178.4 ms

 

I have also setup the security group of the EC2 instance to allow connections on port 8000

 

Please help, this is doing my head in.

9 REPLIES 9
rosatechnocrat
Contributor II

Dear Jimz0r,

Seems  port 8000 might not be reachable, Please check and confirm if port 8000 is listening on iperf or confirm which port iperf is running. 

 

You can also refer below for more details. 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-cases-for-diagnose-traffictest-command... 

Rosa Technocrat -- Also on YouTube---Please do Subscribe
Rosa Technocrat -- Also on YouTube---Please do Subscribe
Jimz0r

iperf.PNG

 

I can see your connection attempts. It is definitely listening on port 8000

I have also proven this by testing from another windows machine and the test worked. I don't know why the server did the above but it is definitely LISTENING on poor 8000 haha

 

That link you have provided, is the exact link i followed in order to set it up. It simply isn't working for me.

aionescu
Staff
Staff

Hi @Jimz0r ,

 

Can you please clarify: "My interface is "Fibre1000" which is a sub int of the WAN1 port that is controlling the public IP address."

Do you have a route to 18.236.138.203 via the Fibre1000 interface?

Jimz0r
New Contributor II

Does it need a route? I can ping the server fine, I shouldn't need to tell it how to get somewhere when it already knows how to get there..?

aionescu

Hi @Jimz0r , normally when you specify the client/server interfaces it will use that interface to reach the iperf server.  It is expected to have a route via that interface.

Jimz0r
New Contributor II

Adding a route did not help :(

jintrah_FTNT
Staff
Staff

Hi,

 

Could you change the port, say 9000 instead of 8000, and test? Port 8000 is used by FSSO and I wonder if it conflicts.

 

best regards,

Jin

Jimz0r
New Contributor II

Before I posted this I was originally using port 5201 (which is one of the default ports for Iperf. 

 

On both ports 8000 and 5201 a Linux and windows machine could run a test to the server without fault, the Fortigate could not. This issue is something specific to the fortigate. It's not the server.

aahmadzada
Staff
Staff

Hi Jimz0r,

Please share with us the outputs of these commands:
get router info routing-table all
get router info routing-table database



Ahmad
Labels
Top Kudoed Authors