He recently upgraded from a FortiGate 80E to a 200F. Running version 7.4.1 .
The config has been rewritten manually to match the different interfaces.
Everything went well, but recently we are seeing a serious slowdown in VPN traffic:
The internet connection is 1000/300Mbit/s.
With a speed test from an internal server, we are reaching this speed without problems.
When connected via VPN -no matter if SSLVPN, Client IPSEC or Site-to-Site IPSEC, we only get speeds of 5-10Mbit/s in both directions, measured via iPerf3.
iPerf3 to an internal server directly executed on the FortiGate shows about 4GBit/s.
All traffic shapers have been deactivated for testing purposes.
All additional functions like Antivirus, IPS... are disabled on the SSLVPN policy (ssl.root->lan).
I don't have any clue why all VPN connections are that slow... anyone has an idea?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @netmin_02
we use two WAN connections:
a local Fiber provider which ist "M-Net" (1000 Mbit down, 300 Mbit up) and
a Vodafone cable connection which is only used for guest internet/backup.
In both cases there is a FritzBox as router, and the Fortigate Interfaces are configured as "exposed host" so all traffic is being forwarded to the FG.
In both cases there is separate NAT, so the real external IP is on the FritzBox Router.
Best, Florian
I had the same problem. The wan settings are the same as yours. The problem was with the router/firmware in front of the FG. The router dropped the bandwidth only in vpn tunnels.
Hi @ITworks and all.
Please check the new temporary workaround for 7.4.2, 7.4.3 in this link :
FortiOS 7.4.2 Bug Causes IPsec VPN Tunnel Phase 2 ... - Page 4 - Fortinet Community
HTH
@netmin_02thats very interesting. We will check if SSLVPN from the "transfer network" between the FritzBox Router and the Fortigate makes any difference, and report here. Thank you!
@BillH_FTNTthank you, I red this post and it just mentions IPSEC unstability... SSLVPN seems not affected (or not tested). If it's not really the router, we will have to consider downgrading to a previous FG firmware... will report here.
It's fascinating that we use the same setup and have encountered similar issues with SSL VPN (Fortigate 200F + Fritzbox 5490 + Fiber Speed Download: 500 Mbit/s Upload: 400 Mbit/s). Today we upgraded to version 7.4.4 and observed a slight improvement in performance (previously 5 Mbit/s Download 50 Mbit/s Upload, now 35 Mbit/s Download 50 Mbit/s Upload). Have you already carried out a test on the transmission network or found another solution?
Hi ITworks,
Maybe use DTLS can solved your problem.I shared document below how can apply DTLS on your VPN
Tahsin
Hi @Tahsin
We have already tried activating DTLS. Unfortunately, this did not bring any significant improvement. While there were issues with DTLS before version 7.4.4 which should now be resolved, the speed problem persists in version 7.4.4 with or without DTLS enabled.
Hello,
I have semilar issue With 2 fortigates 300E and 200F connected with sdwan 3 and 2 ISP connexions.
Ticket Was opened but no solution. Any help?!!!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.