Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
theoleek
New Contributor

Created on ‎02-16-2023 01:48 AM

Load test packet loss

I am try to load test FortiGate VM using cisco Trex. While this works perfectly on the current pfsense setup, I cannot get it to work on FortiGate.

 

Simple routing and firewall rules have been set up the same as pfsense and  can see that the one firewall rule is beng used based on the bandwidth usage. When looking at foward traffic logs it seems that some traffic is getting through fine but the majority of traffic does not seem to be accepted as is mostly droppped.

 

I have tried the following so far;

 

  • Using Policy routes rather than static routes produces the same result
  • Change the interface types from unspesified to WAN or LAN
  • Added DoS policy, no change
  • Changed NAT settings in firewall rules
  • Changed protocol options in firewall rules

 

Looking at forward traffic it seems that traffic that is having issues is the following

Duration5
Session ID63,877
VDOMroot
NAT Translationnoop
 
Source
Source16.0.0.14
Source Port5,796
Source Country/RegionUnited States
Primary Source Mac00:0c:29:93:42:f3
Source Interface
 
port1
 
Destination
Destination48.0.7.7
Destination Port80
Destination Country/RegionUnited States
Destination Interface
 
port2
 
Application Control
Application NameHTTP
Categoryunscanned
Protocol6
ServiceHTTP
 
Data
Received Bytes33.02 kB
Received Packets23
Sent Bytes813 B
Sent Packets14
 
Action
Actionclient-rst
Security Action 
Policy ID
0to1
Policy UUID57417294-aca1-51ed-d32e-e59d083a0abd
Policy TypeFirewall
 
Security
Levelnotice
 
Cellular
ServiceHTTP
 
Other
Log event original timestamp1676410894150044700
Timezone+0000
Log ID0000000013
Typetraffic
Sub Typeforward
Source Interface Rolewan
Destination Interface Rolelan
Policy Name0to1
Source Server0

 

 

Labels:
6135
0 Kudos
30 REPLIES 30
gfleming
Staff
Staff
In response to theoleek

Created on ‎02-21-2023 09:26 AM

You probably should have deployed FortiGate-VM64.hw13.ovf to match your version of ESXi. Did you do that?

Cheers,
Graham
1585
0 Kudos
theoleek
New Contributor
In response to gfleming

Created on ‎02-23-2023 02:41 AM

Funniley enough i did choose the wrong package when i first tried to install but ESXi gave a load of errors. Went back and check the documentation and used the correct package, installedyet fine. I even went back to the old versions and tried using the FortiGate-VM64.hw13.ovf and the result was the same. Works for 10 seconds then majority packet loss

1557
0 Kudos
gfleming
Staff
Staff
In response to theoleek

Created on ‎02-23-2023 07:57 AM

What version of FortiOS are you running?

Cheers,
Graham
1550
0 Kudos
theoleek
New Contributor
In response to gfleming

Created on ‎03-01-2023 01:37 PM Edited on ‎03-01-2023 01:38 PM

Currently have v 7.2.4 build1396 installed and have also tried on v7.0.3 build237

1520
0 Kudos
gfleming
Staff
Staff
In response to theoleek

Created on ‎02-26-2023 09:27 PM

What version of FortiOS?

Cheers,
Graham
1536
0 Kudos
gfleming
Staff
Staff
In response to theoleek

Created on ‎03-01-2023 03:51 PM

So what hardware version is your VM using?

Cheers,
Graham
1515
0 Kudos
theoleek
New Contributor
In response to gfleming

Created on ‎03-03-2023 04:41 AM Edited on ‎03-03-2023 04:44 AM

Have tried on VMXNET3,e1000 and e1000e. Same result on all of them sadly. After reviwing the pfsense logs, my best guess at the moment is some sort of security service or setting on Fortigate somewhere that is causing this behaviour.

1508
0 Kudos
gfleming
Staff
Staff
In response to theoleek

Created on ‎03-03-2023 03:33 PM

No i mean what VMWARE hardware version is your Guest VM configured to use? You need to ensure you are using the compatible hardware version for your hypervisor and that you are running the correct FortiGate VM image for that hardware version.

Cheers,
Graham
1496
theoleek
New Contributor
In response to gfleming

Created on ‎03-16-2023 01:23 PM

Sorry for the late reply/

Other 3.x or later Linux (64-bit)

1463
0 Kudos
gfleming
Staff
Staff
In response to theoleek

Created on ‎03-20-2023 10:16 AM

No not asking what Guest OS version you are using. What VMware Hardware Version your Guest VM is set to.

 

https://kb.vmware.com/s/article/1003746

 

Being on ESX 6.5 you need to be at least version 13 which means you need to deploy the right FortiGate-VM ovf for that hardware version. But please confirm what you are actually using.

 

https://docs.fortinet.com/document/fortigate-private-cloud/7.2.0/vmware-esxi-administration-guide/42...

 

Also please let us know what NIC you have in your server?

 

Also please run through the instructions for optimizing VM performance and best practices:

 

https://docs.fortinet.com/document/fortigate-private-cloud/7.2.0/vmware-esxi-administration-guide/96...

 

https://docs.fortinet.com/document/fortigate-private-cloud/7.2.0/vmware-esxi-administration-guide/80...

 

https://docs.fortinet.com/document/fortigate-private-cloud/7.2.0/vmware-esxi-administration-guide/41...

 

 

Cheers,
Graham
1448
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.