Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
theoleek
New Contributor

Created on ‎02-16-2023 01:48 AM

Load test packet loss

I am try to load test FortiGate VM using cisco Trex. While this works perfectly on the current pfsense setup, I cannot get it to work on FortiGate.

 

Simple routing and firewall rules have been set up the same as pfsense and  can see that the one firewall rule is beng used based on the bandwidth usage. When looking at foward traffic logs it seems that some traffic is getting through fine but the majority of traffic does not seem to be accepted as is mostly droppped.

 

I have tried the following so far;

 

  • Using Policy routes rather than static routes produces the same result
  • Change the interface types from unspesified to WAN or LAN
  • Added DoS policy, no change
  • Changed NAT settings in firewall rules
  • Changed protocol options in firewall rules

 

Looking at forward traffic it seems that traffic that is having issues is the following

Duration5
Session ID63,877
VDOMroot
NAT Translationnoop
 
Source
Source16.0.0.14
Source Port5,796
Source Country/RegionUnited States
Primary Source Mac00:0c:29:93:42:f3
Source Interface
 
port1
 
Destination
Destination48.0.7.7
Destination Port80
Destination Country/RegionUnited States
Destination Interface
 
port2
 
Application Control
Application NameHTTP
Categoryunscanned
Protocol6
ServiceHTTP
 
Data
Received Bytes33.02 kB
Received Packets23
Sent Bytes813 B
Sent Packets14
 
Action
Actionclient-rst
Security Action 
Policy ID
0to1
Policy UUID57417294-aca1-51ed-d32e-e59d083a0abd
Policy TypeFirewall
 
Security
Levelnotice
 
Cellular
ServiceHTTP
 
Other
Log event original timestamp1676410894150044700
Timezone+0000
Log ID0000000013
Typetraffic
Sub Typeforward
Source Interface Rolewan
Destination Interface Rolelan
Policy Name0to1
Source Server0

 

 

Labels:
6133
0 Kudos
30 REPLIES 30
CyberaNOC
New Contributor

Created on ‎05-30-2024 03:25 PM

We were running into the same issue when using Cisco Trex to test a FortiGate VM.

 

FortiNet support helped us find that the ARP entries were disappearing from the FortiGate VM.

 

Even though we are not sure why that was happening, a workaround is to add static ARP entries for the Cisco Trex IPs in the FortGate VM, for example (adjust for the correct IPs and MAC addresses):

config system arp-table
edit 1
set interface port2
set ip 192.168.2.2
set mac 0d:56:20:fc:2d:46
next
edit 2
set interface port3
set ip 192.168.3.3
set mac cf:ea:78:0b:89:12
end

220
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.