Limited speeds when accessing subnet from outside work (FTP/VPN)
Hey everyone, first time posting !
I would need help, my situation is that we have a subnet on a DMZ with a single PC holding our Filezilla FTP server.
When I connect from the domain, I can pull 1,000mbps (100mo/s) from this pc. When I connect from outside using either the VPN or Filezilla, every connection is limited to 50mbps (5mo/s).
When I am connected to the VPN and try to download files from the domain server, I also get this same cap on speed.
I have checked EVERYWHERE, nothing is limited. I know there is something because the same user downloading a file from the FTP server will get 5mo/s and if the user starts a second download, the speed for each files becomes 2.5mo/s.
But at the same time, monitoring the FTP pc shows me not even 5% of the network bandwith is used.
One of my guess is the switch connected to the DMZ port. It is an unmanaged Trendnet switch with loads of camera plugged in.
Hey there GFleming, thank you for taking some of your time to help me.
- I have a Fortigate 80E
- LAN to WAN works full speed (Max 100mo/s from the NIC bottleneck of 1gbps)
- I do have some security activated and applied to the WAN - DMZ
- When trying to download on Filezilla I get the same slow speeds using VIP/VPN (5mo/s). (I assumed when mentionning VIP that you are talking about connecting to the FTP using the credentials created in Filezilla server ?)
I tested from another employee's home (we both have above 120mbps connections up/down) and I experienced the same thing : Downloads capped at 50mbps. Starting a second download splits the speed 25mbps/25mbps. We have different ISPs (Bell /Vmedia) with reasonable ping (14ms)
Speed test results from the computer running the FTP on the subnet :
So, normally the max I could download from this PC would be it's "maximum upload bandwith", which is still above 200mbps if I am correct.
I'm confused what you're trying to show me with that graph. That looks like you are getting 800Mbps download on the FileZilla server. The inbound traffic is probably just TCP ACKs, etc and other overhead not necessarily showing an FTP download.
You are using FTP protocol right? Then it has nothing to do with SMB.
I think next step is to run a packet capture on an external client when downloading from the FileZilla server. I wonder if we are having MTU issues or packet loss or something else. Can you please run a packet capture and paste the output showing the initial handshake and the next 20-30 packets for the FTP session?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.