I am trying to load test a FortiGate VM using Cisco TRex. While this works perfectly on the current pfSense setup, I cannot get it to work on FortiGate.
Simple routing and firewall rules have been set up the same as on pfSense, and I can see that the one firewall rule is being used based on the bandwidth usage. When looking at the forward traffic logs, it seems that some traffic is getting through fine, but the majority of traffic does not seem to be accepted and is mostly dropped.
I have tried the following so far:
Using policy routes rather than static routes produces the same result
Changed the interface types from unspecified to WAN or LAN
Added a DoS policy, no change
Changed NAT settings in the firewall rules
Changed protocol options in the firewall rules
Looking at the forward traffic, it seems that the traffic that is having issues is the following:
Source IP 184.108.40.206. Do you own this address? If not it might not get routed back to you properly.
Can you further explain the actual flows you are trying to get working? Does the FortiGate connect to an actual ISP, or is this all internal testing? What kind of traffic does TRex generate? Does it all go to the same destination or to multiple destinations?
No, the FortiGate is unable to ping the TRex ports, and TRex is unable to ping the FortiGate ports. This is the same behaviour with pfSense. When TRex first starts, it sends ARP packets to the FortiGate ports, which works, and TRex then starts sending traffic.
This is set up on ESXi 6.5 using VMXNET3 adaptors and uses two separate virtual switches for the connections between them, with promiscuous mode enabled.
I have reinstalled a fresh copy of FortiGate and simply added interface IPs, added static routes, and added the firewall policy, and I am still getting the same result. TRex reports packet drops after 10 seconds of test traffic.
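The reply above asks whether the source addresses TRex uses are routed back to the right place, and the original poster mentions adding static routes. The script below is an added example (not from this thread, and not Fortinet or TRex code) of the check a practitioner would run before blaming the firewall policy: take the client and server ranges a TRex stateful profile declares in its generator section, take the FortiGate static routes as they would appear under `config router static`, and report any part of either range that has no route back out of the interface facing the TRex port that sourced it. Everything in it is constructed: the ranges are TRex's stock sample ranges rather than the poster's profile, the interface names port1/port2 and the mapping of TRex port 0 to port1 and port 1 to port2 are assumptions, and the routes are made up to show a correct and a partial configuration.

```python
import ipaddress

# Constructed example data (not from the thread): the client/server address ranges a
# TRex stateful profile declares under its "generator" section, keyed by which TRex
# port sources them. These are TRex's stock sample ranges, not the poster's profile.
TREX_RANGES = {
    "clients": ("16.0.0.1", "16.0.0.255"),     # sourced from TRex port 0
    "servers": ("48.0.0.1", "48.0.255.255"),   # sourced from TRex port 1
}

# Constructed FortiGate static routes as (dst, netmask, device), mirroring what
# `config router static` entries hold. Interface names port1/port2 are assumed.
FORTIGATE_ROUTES = [
    ("16.0.0.0", "255.255.255.0", "port1"),
    ("48.0.0.0", "255.255.0.0", "port2"),
]

# Which FortiGate interface faces each TRex port (assumption for this example:
# TRex port 0 is cabled to port1, TRex port 1 to port2).
EXPECTED_EGRESS = {"clients": "port1", "servers": "port2"}


def parse_routes(routes):
    """Turn (dst, mask, device) tuples into (ip_network, device) pairs."""
    return [(ipaddress.ip_network(f"{dst}/{mask}", strict=False), dev)
            for dst, mask, dev in routes]


def uncovered_networks(start, end, covered):
    """Return the parts of [start, end] that lie inside no network in `covered`,
    as CIDR strings. Blocks are split recursively rather than walked address by
    address, so a large gap (e.g. a missing /8) is reported cheaply."""
    gaps = []

    def walk(net):
        if any(net.subnet_of(c) for c in covered):
            return                              # fully routed
        if not any(net.overlaps(c) for c in covered):
            gaps.append(net)                    # not routed at all
            return
        for half in net.subnets():              # partial overlap: split and recurse
            walk(half)

    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    for block in ipaddress.summarize_address_range(first, last):
        walk(block)
    return [str(g) for g in gaps]


def check_return_paths(ranges=TREX_RANGES, routes=FORTIGATE_ROUTES, expected=EXPECTED_EGRESS):
    """For each TRex range, list the addresses that have no static route back out
    of the interface facing the TRex port that sourced them. An empty list for
    every range means the FortiGate can return every reply the profile needs."""
    nets = parse_routes(routes)
    result = {}
    for name, (start, end) in ranges.items():
        covered = [net for net, dev in nets if dev == expected[name]]
        result[name] = uncovered_networks(start, end, covered)
    return result


def egress_interface(address, routes=FORTIGATE_ROUTES):
    """Longest-prefix match of one address against the static routes. None means
    only a default route (if one exists) could carry it, which is the situation
    the reply above warns about for a source address you do not own."""
    addr = ipaddress.ip_address(address)
    matches = [(net, dev) for net, dev in parse_routes(routes) if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    print(check_return_paths())                 # {'clients': [], 'servers': []}
    print(egress_interface("184.108.40.206"))   # None: no static route covers it
```

To use it against a real setup, copy the clients_start/clients_end and servers_start/servers_end values from the TRex profile into `TREX_RANGES` and the entries from `show router static` on the FortiGate into `FORTIGATE_ROUTES`; any non-empty list names addresses whose replies will follow the default route (or be dropped) instead of returning to the TRex port that is waiting for them, which shows up in TRex as drops even though the forward policy is accepting the flows.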