Hello! Please, help me.
We use FortiGate 200E in our company.
I have difficulty using the VPN. The speed when connecting to VPN is only 1-2 mbps. How can I fix this? The channel at both ends of 50 mbps
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
Are you using SSL or IPSEC .? Is it site to site or Remote access ?
Speed is always depending on your internet bandwidth .If the Internet Link is over utilized then there is no much room for VPN traffic .You better focus on bandwidth management .
Regds,
Ashik
All - this isn't an issue of CIFS or NFS being slow over VPN because of the inherent nature of those protocols. This is a bug in the Fortinet software, and I'm surprised it's not a bigger deal to more people. It happens on IPSEC tunnels as well.
I've spent a week working on this on devices using various 5.6 versions.
I've adjusted every MTU and TCP MSS setting.
I've adjusted NAT traversal to forced.
The 355kb/sec transfer is the clue - how is it possible multiple people are getting the exact same performance from different servers and different circuits and different hardware? Because it's an inherant firmware bug.
Someone from Fortinet needs to send out a bulletin to explain this in detail and note the correct firmware version that fixes it for everyone. Honestly can't believe this has gone on for so long. I have a ticket open but they haven't yet replied. Frankly not a good reflection on Fortinet.
Hi,
Are you using SSL or IPSEC .? Is it site to site or Remote access ?
Speed is always depending on your internet bandwidth .If the Internet Link is over utilized then there is no much room for VPN traffic .You better focus on bandwidth management .
Regds,
Ashik
SSL. This is remote access. I tried to download files from the local network to my laptop and no more traffic was used.
I assume you meat 50Mup/50Mdown on both ends for the internet circuits. What kind of numbers did you see when you run just local internet speedtest (like speedtest.net if in US)? Were they about 50M/50M on both ends?
toshiesumi wrote:Now I tested using LTE. When the VPN is connected, the speed is 30/9 mbps. After that, I tried to download the file from the local network to my laptop and the download speed did not exceed 500 kb/sI assume you meat 50Mup/50Mdown on both ends for the internet circuits. What kind of numbers did you see when you run just local internet speedtest (like speedtest.net if in US)? Were they about 50M/50M on both ends?
CIFS and NFS over WAN VPN will always inherently be slower because of the way the protocols work. Read the following article that will help explain why bandwidth isn't necessarily the issue.
https://www.eetimes.com/document.asp?doc_id=1272058#
One thing you can check that might help your VPN performance is enabling DTLS on your SSL settings.
https://kb.fortinet.com/kb/documentLink.do?externalID=FD38162
All - this isn't an issue of CIFS or NFS being slow over VPN because of the inherent nature of those protocols. This is a bug in the Fortinet software, and I'm surprised it's not a bigger deal to more people. It happens on IPSEC tunnels as well.
I've spent a week working on this on devices using various 5.6 versions.
I've adjusted every MTU and TCP MSS setting.
I've adjusted NAT traversal to forced.
The 355kb/sec transfer is the clue - how is it possible multiple people are getting the exact same performance from different servers and different circuits and different hardware? Because it's an inherant firmware bug.
Someone from Fortinet needs to send out a bulletin to explain this in detail and note the correct firmware version that fixes it for everyone. Honestly can't believe this has gone on for so long. I have a ticket open but they haven't yet replied. Frankly not a good reflection on Fortinet.
Completely agree @atsak.
Unfortunately, I had this disagreement with the Fortinet tech. However, we do have an issue with our Internet connection. We are sorting out that before pursuing with Fortinet. I know there is a problem with our Fortigate for two reasons:
a) The problem is intermittent. Sometimes the performance is great. By this I mean, we get arround 12Mbps from our 30Mbps connection. During this time, everything feels snappy. Then, at seemly random times, we only get around 1-4Mbps and applications feel horribly slow. Bear in mind, I am benchmarking this with a speed test app with it's custom protocol ("LAN Speed Test") - not SMB or anything as chatty. For every benchmark, I make sure our Internet connection has minimal use using our network monitoring tool (PRTG).
b) As part of the ticket, we benchmarked betweek two local ports, bypassing our ISP. The 200E is marketted with 900Mbps of SSL VPN throughput. I could get around that through the firewall but only about 30% of that through the SSL VPN. I think this is false advertising. I guess if I was using multiple streams and/or ports it could perform better. But I feel that should be advertised.
I'm having the same problem. I have a ticket open with Fortinet. I get about 3Mbps out of our 25Mbps connection (real speed - claimed is 50Mbps). We have two FortiGates with the same symptom (a 200E and 100E). It is slow SSL, IPsec and native IPsec remote access VPNs. I suspect it is since we upgraded to FortiOS 6.0 (we only had the firewalls for 1 week before we upgraded). Mysteriously, I benchmarked around 17Mbps twice (on different days) without any configuration changes. Two hours later, the VPN was slow again.
Did you sort yours out armeez88?
I must recommend to you PureVPN, and NordVPN. both are Fast VPNs. I have been a user of PureVPN for more than a year. here the guide vpnranks.com
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1679 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.