Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Pi666
New Contributor

SSL-VPN Performance problem in one direction

Hi,
we have the following problem with the SSL VPN.

 

As an example:
When a client copies files over the VPN the performance is very bad in one direction.

Client copies files from SMB server = max 10 Mbit / bad
Client copies files to SMB server = performance as expected 20 Mbit (my line does not allow more)

 

tested with:
Forticlient: 7.0.7 + 7.2.0
Fortigate: 200F v7.2.4

Connection Fortigate 1Gbit fiber symmetric
Connection Client 400 Mbit Down /20 Mbit Up

 

I would be very grateful for any suggestions on how to improve this!

 

Many greetings
Pi

5 REPLIES 5
jhussain_FTNT

Hi,

Kindly test with  enable DTLS tunnel on FortiGate, use the following CLI commands:
config vpn ssl settings
set dtls-tunnel enable
End

 

Also on the FortiClient settings to ensure that the option “Preferred DTLS Tunnel” is checked in the settings.

 

Regards

Jamal

Pi666

Hi,
dtls is enabled on both sides.
I don't think this is the problem, because the throughput from the vpn client to the server is also good, but from the server to the client is not even half.

 

on the same fiber connection we have another 60F for testing, when I establish a ssl vpn connection over this fortigate the throughput is correct (about 3-4 Mbyte per sec). The ssl vpn configuration is exactly the same.
Over the 200F active/passive cluster I reach approx. 300-800 k per sec.

 

Regards

Peter

jhussain_FTNT

Hi Peter,

 

You can try recommendations  steps updated in the below document to improve the performance.

 

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-slow-file-transfer-issue/ta-...

 

Regards

Jamal

Pi666

Hi Jamal,
I have already tried everything from your link except iperf. Also it doesn't explain why I achieve the desired performance on our 60F with the same settings, the same servers, the same clients, the same internet connections.
The 60F is also connected to the same switch as the 200F cluster.
both firewalls are connected to the ISP router via the same switch.

 

Regards

Peter

Eduardoj

Hello jhussain,

 

Did u get it working?


I have the exact same problem as you mentioned is this topic.

 

SSL VPN Upload from the client to the fortigate network is full speed, but download from the fortigate network to the client is very slow, ~ 2 Mbps

Labels
Top Kudoed Authors