- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Slow VPN connections
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Slow VPN connections
He recently upgraded from a FortiGate 80E to a 200F. Running version 7.4.1 .
The config has been rewritten manually to match the different interfaces.
Everything went well, but recently we are seeing a serious slowdown in VPN traffic:
The internet connection is 1000/300Mbit/s.
With a speed test from an internal server, we are reaching this speed without problems.
When connected via VPN -no matter if SSLVPN, Client IPSEC or Site-to-Site IPSEC, we only get speeds of 5-10Mbit/s in both directions, measured via iPerf3.
iPerf3 to an internal server directly executed on the FortiGate shows about 4GBit/s.
All traffic shapers have been deactivated for testing purposes.
All additional functions like Antivirus, IPS... are disabled on the SSLVPN policy (ssl.root->lan).
I don't have any clue why all VPN connections are that slow... anyone has an idea?
Labels:
- Labels:
-
FortiGate
- « Previous
-
- 1
- 2
- Next »
16 REPLIES 16
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @netmin_02
we use two WAN connections:
a local Fiber provider which ist "M-Net" (1000 Mbit down, 300 Mbit up) and
a Vodafone cable connection which is only used for guest internet/backup.
In both cases there is a FritzBox as router, and the Fortigate Interfaces are configured as "exposed host" so all traffic is being forwarded to the FG.
In both cases there is separate NAT, so the real external IP is on the FritzBox Router.
Best, Florian
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had the same problem. The wan settings are the same as yours. The problem was with the router/firmware in front of the FG. The router dropped the bandwidth only in vpn tunnels.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @ITworks and all.
Please check the new temporary workaround for 7.4.2, 7.4.3 in this link :
FortiOS 7.4.2 Bug Causes IPsec VPN Tunnel Phase 2 ... - Page 4 - Fortinet Community
HTH
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@netmin_02thats very interesting. We will check if SSLVPN from the "transfer network" between the FritzBox Router and the Fortigate makes any difference, and report here. Thank you!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@BillH_FTNTthank you, I red this post and it just mentions IPSEC unstability... SSLVPN seems not affected (or not tested). If it's not really the router, we will have to consider downgrading to a previous FG firmware... will report here.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's fascinating that we use the same setup and have encountered similar issues with SSL VPN (Fortigate 200F + Fritzbox 5490 + Fiber Speed Download: 500 Mbit/s Upload: 400 Mbit/s). Today we upgraded to version 7.4.4 and observed a slight improvement in performance (previously 5 Mbit/s Download 50 Mbit/s Upload, now 35 Mbit/s Download 50 Mbit/s Upload). Have you already carried out a test on the transmission network or found another solution?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi ITworks,
Maybe use DTLS can solved your problem.I shared document below how can apply DTLS on your VPN
Tahsin
If my writings have helped you find a solution. Please like so that others can easily access it as well.
TahsinCabuk
TahsinCabuk
If my writings have helped you find a solution. Please like so that
others can easily access it as well.TahsinCabuk
- « Previous
-
- 1
- 2
- Next »
Related Posts
- Convert IPSEC interfaces to SDWAN 131 Views
- Unable To Connect VPN 238 Views
- How to connect/disconnect FortiClient 7.2 from... 211 Views
- Forticlient 7.2.4 breaks authenticated active connections... 189 Views
- Fortigate antivirus scanning in proxy mode... 152 Views
Labels
-
FortiGate
6,768 -
FortiClient
1,345 -
5.2
801 -
5.4
639 -
FortiManager
581 -
FortiAnalyzer
425 -
6.0
416 -
5.6
362 -
FortiSwitch
347 -
FortiAP
346 -
FortiClient EMS
274 -
FortiMail
263 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
162 -
6.4
128 -
FortiNAC
113 -
FortiGuard
108 -
FortiSIEM
91 -
FortiGateCloud
88 -
IPsec
87 -
FortiCloud Products
85 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
69 -
4.0MR3
64 -
Wireless Controller
62 -
FortiProxy
47 -
FortiADC
44 -
FortiEDR
41 -
Fortivoice
41 -
FortiGate v5.4
34 -
FortiDNS
34 -
SD-WAN
34 -
FortiExtender
33 -
FortiSandbox
33 -
FortiSwitch v6.4
30 -
Firewall policy
30 -
High Availability
24 -
FortiConnect
24 -
FortiAuthenticator
23 -
VLAN
23 -
FortiWAN
22 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
Certificate
16 -
SAML
15 -
FortiMonitor
14 -
BGP
14 -
DNS
14 -
Interface
14 -
Logging
14 -
FortiGate v5.0
13 -
LDAP
13 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
fortilink
11 -
RADIUS
10 -
Authentication
10 -
Virtual IP
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
SSL SSH inspection
9 -
Traffic shaping
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSID
8 -
SSO
8 -
Application control
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
Fortigate Cloud
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
SNMP
6 -
Web application firewall profile
6 -
Web profile
6 -
Proxy policy
5 -
Traffic shaping policy
5 -
FortiAP profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Packet capture
4 -
Antivirus profile
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
FortiToken Cloud
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
trunk
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Users
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.