Hey everyone, first time posting !
I would need help, my situation is that we have a subnet on a DMZ with a single PC holding our Filezilla FTP server.
When I connect from the domain, I can pull 1,000mbps (100mo/s) from this pc. When I connect from outside using either the VPN or Filezilla, every connection is limited to 50mbps (5mo/s).
When I am connected to the VPN and try to download files from the domain server, I also get this same cap on speed.
I have checked EVERYWHERE, nothing is limited. I know there is something because the same user downloading a file from the FTP server will get 5mo/s and if the user starts a second download, the speed for each files becomes 2.5mo/s.
But at the same time, monitoring the FTP pc shows me not even 5% of the network bandwith is used.
One of my guess is the switch connected to the DMZ port. It is an unmanaged Trendnet switch with loads of camera plugged in.
Anything would be helpful,
Thank you !
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Need some more info:
Hey there GFleming, thank you for taking some of your time to help me.
- I have a Fortigate 80E
- LAN to WAN works full speed (Max 100mo/s from the NIC bottleneck of 1gbps)
- I do have some security activated and applied to the WAN - DMZ
- When trying to download on Filezilla I get the same slow speeds using VIP/VPN (5mo/s). (I assumed when mentionning VIP that you are talking about connecting to the FTP using the credentials created in Filezilla server ?)
OK sounds like an issue that is isolated to the outside network. Have you confirmed it's not an issue with the outside network?
Do you get slow speeds when connecting to VPN or FTP VIP from a different ISP?
If you do a speedtest from the FileZilla server does it give you full speed?
Issue with the outside network :
I tested from another employee's home (we both have above 120mbps connections up/down) and I experienced the same thing : Downloads capped at 50mbps. Starting a second download splits the speed 25mbps/25mbps. We have different ISPs (Bell /Vmedia) with reasonable ping (14ms)
Speed test results from the computer running the FTP on the subnet :
So, normally the max I could download from this PC would be it's "maximum upload bandwith", which is still above 200mbps if I am correct.
OK and for the other question, If you do a speedtest from the FileZilla server does it give you full speed??
Also what are the ping times when you ping the IP address of the VPN or FileZilla server from the outside network?
Sorry for the confusion Graham,
The speed test I included above is done on the pc running the filezilla server application. So the answer to your question is : yes, the filezilla server is giving me full speed internet access.
I get ping time of around 34ms when connected to the VPN. I have no way of knowing the latency of filezilla FTP when downloading.
Created on 03-29-2023 08:03 AM Edited on 03-29-2023 08:25 AM
As I said in my first post, this one really puzzle me.
When connected to the pc on the DMZ subnet (Running filezilla server) everything works fine.
I can even download from the FTP while on the LAN and I get the full 1,000mbps.
No policy for restricting access anywhere, no hardware bottleneck. As you said, it only affect people outside our network.
Here is the graph for DMZ FTP. 5mbps vs 500mbps (Coming from LAN upload/download)
I am starting to have a look at the servers configuration. I noticed some of them are running SMB v2.1 which is pretty old. Could that affect something ?
I'm confused what you're trying to show me with that graph. That looks like you are getting 800Mbps download on the FileZilla server. The inbound traffic is probably just TCP ACKs, etc and other overhead not necessarily showing an FTP download.
You are using FTP protocol right? Then it has nothing to do with SMB.
I think next step is to run a packet capture on an external client when downloading from the FileZilla server. I wonder if we are having MTU issues or packet loss or something else. Can you please run a packet capture and paste the output showing the initial handshake and the next 20-30 packets for the FTP session?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.