Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Zero
New Contributor

Created on ‎10-09-2024 08:58 AM

Slow FortiClient VPN

Hello,

we are migrating from cisco AnyConnect VPN to FortiClient VPN. we are using FortiClient 7.2.5 and FortiGate 7.2.7 . we are seeing a significant difference in file transfer rate when the end user is trying to download a big file from a shared drive. I am pretty sure its not the internet circuit issue because I ran the test while I was working remotely. I have a 1Gb up/down and the download rate is similar to what our end-users are reporting. any help is greatly appreciated.

 

AnyConnectAnyConnectFortiClientFortiClient

Zer0o0o0o
Zer0o0o0o
Labels:
716
0 Kudos
9 REPLIES 9
homalgo1
New Contributor

Created on ‎10-09-2024 09:46 AM Edited on ‎10-17-2024 05:13 AM

Try the other way around, actually - disable split DNS, and let your internal DNS server handle all DNS for the client. (This assumes the internal DNS is willing and capable of resolving any public DNS records) https://mobdro.bio/

707
0 Kudos
Zero
New Contributor
In response to homalgo1

Created on ‎10-09-2024 10:27 AM

its already setup to use our internal DNS. split DNS already disabled

Zer0o0o0o
Zer0o0o0o
670
0 Kudos
tpatel
Staff
Staff

Created on ‎10-09-2024 01:32 PM

Hello, 

Make sure dtls is enable in ssl vpn setting on fortigate and also on forticlient. 

Please click on below link and reference document.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-DTLS-to-improve-SSL-VPN-performance/...

632
0 Kudos
Zero
New Contributor
In response to tpatel

Created on ‎10-10-2024 12:47 PM

enabled dtls in both the Fortigate and FortiClient but still the same max transfer rate is between 1MB/s - 3MB/s

Zer0o0o0o
Zer0o0o0o
557
0 Kudos
tpatel
Staff
Staff
In response to Zero

Created on ‎10-14-2024 12:53 PM

Hello, 
For testing can you try to disable all UTM profile in ssl vpn policy and make sure you are using flow based.

Check speed after that. 
If still you are getting same speed you need to setup iperf server on local environment and you need to check speed. 
https://community.fortinet.com/t5/Customer-Service/Technical-Tip-How-to-increase-the-SSL-VPN-tunnel-...

 

443
0 Kudos
Zero
New Contributor
In response to tpatel

Created on ‎10-14-2024 01:09 PM

is this what you mean by disabling UTM? we already set our vpn policies for no-inspection.

VPN-FW-Policy.jpg

 

 

 

Zer0o0o0o
Zer0o0o0o
437
0 Kudos
rahulkaushik-22
Staff
Staff

Created on ‎10-14-2024 01:40 PM

@Zero 

Create a VIP object and send the file over the Internet to check the speed difference when sent over the Internet vs SSLVPN.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Virtual-IP-VIP-port-forwarding-configurati...

Try to use latest version of Forticlient to rule out the Forticlient issue or try IPSec VPN rather than SSLVPN.







Regards, 
Rahul Kaushik

MR RAHUL K KAUSHIK
429
0 Kudos
patelr
Staff
Staff

Created on ‎10-14-2024 02:13 PM Edited on ‎10-14-2024 02:13 PM

Hello @Zero 

 

Make sure, there isn't any VPN applications are installed, or running on test machine other than FortiClient .

 

Thanks, 
Ronak Patel

421
0 Kudos
Zero
New Contributor
In response to patelr

Created on ‎10-14-2024 02:17 PM

do you mean uninstall Cisco AnyConnect?.. its been off during testing FortiClient VPN.

Zer0o0o0o
Zer0o0o0o
415
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.