Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
armeez88
New Contributor

Slow VPN speed

Hello! Please, help me. 

We use FortiGate 200E in our company.

I have difficulty using the VPN. The speed when connecting to VPN is only 1-2 mbps. How can I fix this? The channel at both ends of 50 mbps

2 Solutions
Ashik_Sheik
Contributor II

Hi,

 

Are you using SSL or IPSEC .? Is it site to site or Remote access ?

 

Speed is always depending on your internet bandwidth .If the Internet Link is over utilized then there is no much room for VPN traffic .You better focus on bandwidth management .

 

Regds,

 

Ashik

Ashu 

 

View solution in original post

atsak
New Contributor III

All - this isn't an issue of CIFS or NFS being slow over VPN because of the inherent nature of those protocols.  This is a bug in the Fortinet software, and I'm surprised it's not a bigger deal to more people.  It happens on  IPSEC tunnels as well.

I've spent a week working on this on devices using various 5.6 versions.

I've adjusted every MTU and TCP MSS setting.

I've adjusted NAT traversal to forced.

 

The 355kb/sec transfer is the clue - how is it possible multiple people are getting the exact same performance from different servers and different circuits and different hardware?   Because it's an inherant firmware bug.

Someone from Fortinet needs to send out a bulletin to explain this in detail and note the correct firmware version that fixes it for everyone.     Honestly can't believe this has gone on for so long.  I have a ticket open but they haven't yet replied.   Frankly not a good reflection on Fortinet.

View solution in original post

32 REPLIES 32
Duncan
New Contributor III

Replying to you PM, yes enabling DTLS on my client works but it doesn't solve the bandwidth problem. I'm running the the same versions as you.

armeez88

Duncan wrote:

PM'ed you the ticket number. The ticket has been escalated to development as we've proven a bug in FortiGate.

FYI, the support tech and I tried IPsec, lowing TLS version and cypher and hardware acceleration with no avail.

Last week FortiOS 6.0.3 was released so I am planning to install that tonight. I'll let you know the results.

 

Tell please, did you install new firmware? Problem with low speed actually?

Duncan
New Contributor III

Yes I did install it. Unfortunately it made not difference to the VPN performance.

yogaarie

i have the same issue using openssl vpn and very slow access to my server

Carl_Smith
New Contributor

VPNs are great for protecting your privacy and seeping your data secure, but almost all VPNs come with one major downside: they slow down your internet connection. Many VPNs slow you down as much as 50%. This can make trying to stream a movie or have a video chat almost impossible

If you search the help pages on any VPN service they will tell you to check the same things when trying to fix a slow VPN experience:

[ul]
  • Check your internet router
  • See if your ISP is throttling your connection
  • Use the server closest to you geographically[/ul]

    Reading the same advice over and over again can make you feel like you are the problem. But, the truth is most of the time your router is fine, your ISP is delivering the speed it promised, and you are using the closest server.

  • bmastersroot
    New Contributor

    We just hit this same issue attempting an upgrade of a 201E from 5.6.x to 6.0.3.  Even though the spoke sites had been upgraded already, when we upgraded the hub site to match, it killed VPN performance across the board.  Throughput dropped by a factor of 10.  As a last gasp, we upgraded to 6.0.4 and the issue was resolved.  Performance was back to normal.  We were even able to upgrade to CHACHA20POLY1305-PRFSHA512 encryption across the board with no decrease in performance. 

     

    The release notes mention a bugfix, specifically 515375, regarding the VPN going down randomly.  But whatever was causing these drops must have also been a cause of the poor performance.

    NavinJanamp
    New Contributor

    It's better to talk directly to the services provider. They can resolve the issue.

    martin_103

    So we have the same issues on a couple of devices. FortiGate 60E, 100E, 200E, Running OS 6.0.4, 5.6.x and so on. Tried with DTLS, no change. Also no Bandwidth issues on both sites. Upload through SSL VPN stuck at 355 KB/s.

    Are there any news regarding this issue?

    rmcclain64
    New Contributor

    I'm having the same issue.

     

     

    juniper_fan2

    We're in the process of migrating some SRX/SSG hub sites that terminate to a SSG140 over to a Fortinet 100e.

     

    We migrated a site with newer SRX300 and SMB file copy IPsec tunnel performance is as expected in both directions.

    Migrated a site with an old SSG5 and SMB file copy IPsec tunnel performance is as expected in both directions.

    Migrated a site with a SRX220h and SMB file copy IPsec download to site is as expected. Upload from site appears to max out at the exact 355kbps speed.

     

    Current 100e firmware is: v6.2.3 build1066 (GA)

     

    *Update: So i logged into an RDP session @ the remote site and did a download test from Hub site and got the expected performance. Did an Upload to a server @ Hub site and it was close to 10x faster. Closer to what it should be, but not quite.