Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
D-hg
New Contributor III

Ipsec site to site tunnel between Mikrotik and Fortigate 60F performance

Hello,

 

SITE A : Mikrotik HAP AX2

SITE B: Fortigate 60F

 

I successed to create an IPsec tunnel between a Mikrotik HAP AX2 and a Fortigate 60F.

I configured the Site A to be in full remote browsing through the Fortigate. Site A connects to internet through Site B

 

Site A have a 600 Mb/s bandwith and Site B 1Gb/s.

 

My issue is: I cannot reach more than 29 Mb/s of download and 5 of Upload with bandwith test from Site A with the Mikrotik.

 

I tried to change/quit encryption methods to see any improvements, without success.

I tried to up another tunnel with another AX2 from my house and my 40Mb/s, and I have the exact same bandwith, who made me think of that there is something limitating the bandwith at some point.

 

Anyone could help me to see what would be the issue here?

Many thanks !

1 Solution
D-hg
New Contributor III

Indeed, I mounted the 4 HQ and all sites have 200/250 Mb/s without any problem at every part of the day.

The solution was the upgrade of the fortigates !

Have a nice day guys

View solution in original post

5 REPLIES 5
D-hg
New Contributor III

Hello,

Anyone could help me on this?

 

I don´t know if the 60F is limited at the IPsec side. It would be nice to know it, Is there a way to test it?

 

Many thanks guys...

funkylicious

geek
D-hg
New Contributor III

After my second post, I upgraded my fortigates from 7.0.10 to 7.0.11, and I've got 230 / 350 Mb/s on the Mikrotik site !

I need to supervise this week if the bandwidth problem exists again, It would be the connection of all the clients in the main headquarter the cause of the problem ! I keep you updated ! I will read the article many thanks

D-hg
New Contributor III

Indeed, I mounted the 4 HQ and all sites have 200/250 Mb/s without any problem at every part of the day.

The solution was the upgrade of the fortigates !

Have a nice day guys

Faiza_Emam_Delhi
Contributor

The performance issue with the IPsec tunnel between the Mikrotik and Fortigate 60F could be related to a number of factors. Here are some potential causes and solutions:

1. Encryption settings: The encryption settings used in the IPsec tunnel can have a significant impact on performance. You mentioned that you tried changing the encryption methods without success, but you may want to try adjusting the encryption settings further. For example, you could try disabling perfect forward secrecy (PFS) or using a weaker encryption algorithm to see if this improves performance.

2. MTU settings: The maximum transmission unit (MTU) size can also impact performance. You may want to check the MTU settings on both devices and ensure that they are set to an appropriate value. For example, you may want to set the MTU to 1400 or lower to account for overhead.

3. Network congestion: The slow performance could also be caused by network congestion or other issues with the network. You may want to perform a network analysis to identify any potential issues, such as packet loss or high latency.

4. Hardware limitations: The hardware resources of the Mikrotik and Fortigate devices could also be a limiting factor. You may want to check the CPU and memory utilization on both devices during the bandwidth test to see if there are any bottlenecks.

5. IPSec configuration: The IPSec configuration on the Mikrotik and Fortigate devices could also be a factor. You may want to review the IPSec configuration and ensure that it is optimized for performance, such as by enabling hardware acceleration or adjusting the SA lifetime.

It may be helpful to perform additional testing and troubleshooting to identify the root cause of the performance issue. You could also consider contacting Mikrotik and Fortinet support for additional guidance and assistance

Thanks & Regards,
Faizal Emam
Thanks & Regards,Faizal Emam
Labels
Top Kudoed Authors