- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ping drop issue when bandwidth utilization above 25 mbps in IPsec site to site VPN Tunnel
We have 100F device (OS 7.0)with 42 mbps at head office and 50E device (OS 6.2.11) with 35 mbps at branch office.
we observe ping getting drop if bandwidth utilization reached above 25 mbps.
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Is the drop only on icmp traffic over vpn at 25mbps or more?
Best regards,
Jin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
icmp traffic and also ssh session disconnect
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, so it mean all traffic getting affected in the path. You should check if the esp packets send from one end are received on the other. If there is any drop determined in the path for esp traffic, you can engage ISP to check or redirect the traffic through an alternate path for you.
Best regards,
Jin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is possible your 50E is overloaded. Max IPSec throughput for that box is 90Mbps. That's with no other services running. So if you are also doing NGFW inspection, etc you may be overloading it.
Alternatively you might be hitting buffer bloat on the ISP WAN Link if you are saturating it. Are your WAN link speeds symmetrical? 42mbps up/down and 35mbps up/down? What is the total utilization of your WAN links? Hitting 100% ever?
Graham
