cyberblitzx
New Contributor

Slow Speeds Over IPSEC VPN

So I will preface this post by saying I'm fairly new to FortiGate. I'll just get right to my issue: we have an IPSEC VPN configured for our site-to-site traffic, and the problem is we are getting at most 20 Mbps and it's fairly sporadic, ranging from 1-20. We pay a company to manage our firewalls, but they have worked for months with no success and I want to see if I can figure this out.

All tests were performed using Iperf3.

I did test connection over the internet between locations and I was testing between 90-100 Mbps which is closer to the speeds we pay for. Let me know what information I can provide. Any assistance is greatly appreciated.

neonbit
Valued Contributor

What model of FortiGate are you using?

ede_pfau

Yes, more beef please.

- FortiOS?

- VPN parameters, esp. encryption settings?

- the VPN policy?

 

Preferably from the CLI.

Most likely ASIC offloading is not happening. Uh, my crystal ball is fogging...

Ede Kernel panic: Aiee, killing interrupt handler!
cyberblitzx

Model: 90D

OS: v5.4.4,build1117

Connected to Hardware Switches.

Both locations are identical equipment

Here is what I know about the tunnels. I'm unsure what I would pull from the CLI (looking into it).

 

They created them using the Wizard.

Auth: PSK 

IKE

V:1

Mode: Main

Phase 1:

  • AES128-SHA256
  • AES256-SHA256
  • AES128-SHA1
  • AES256-SHA1
  • 3DES-SHA1

Diffie-Hellman Groups: 14, 5

Phase 2 Selectors

Local 0.0.0.0/0.0.0.0

Remote 0.0.0.0/0.0.0.0

Encryption:

  • AES128-SHA1
  • AES256-SHA1
  • 3DES-SHA1
  • AES128-SHA256
  • AES256-SHA256
  • 3DES-SHA256

Diffie-Hellman Group 14,5

Ports All

VPN Policy

Source: All

Destination: Address All

NAT OFF

All Security Profiles OFF

Again, we are paying people to manage this and they are just doing such a bad job that I'm trying to learn this on the fly, so any help is greatly appreciated.

     

     

     

Carthurs

You can get more detail about the tunnel using the command below, i.e. what parts of that config are actually used, what level of offloaded (enc/dec) NP, CP.

# diagnose vpn tunnel list name <tunnel_name>

(If you post here, be sure to obfuscate the IPs, etc.) There could be other causes such as MTU, fragmentation, NAT-T or even the far end being slow.

“The more I learn, the more I realize how much I don't know.” ― Albert Einstein