Hello! Please, help me.
We use FortiGate 200E in our company.
I have difficulty using the VPN. The speed when connecting to VPN is only 1-2 mbps. How can I fix this? The channel at both ends of 50 mbps
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
Are you using SSL or IPSEC .? Is it site to site or Remote access ?
Speed is always depending on your internet bandwidth .If the Internet Link is over utilized then there is no much room for VPN traffic .You better focus on bandwidth management .
Regds,
Ashik
All - this isn't an issue of CIFS or NFS being slow over VPN because of the inherent nature of those protocols. This is a bug in the Fortinet software, and I'm surprised it's not a bigger deal to more people. It happens on IPSEC tunnels as well.
I've spent a week working on this on devices using various 5.6 versions.
I've adjusted every MTU and TCP MSS setting.
I've adjusted NAT traversal to forced.
The 355kb/sec transfer is the clue - how is it possible multiple people are getting the exact same performance from different servers and different circuits and different hardware? Because it's an inherant firmware bug.
Someone from Fortinet needs to send out a bulletin to explain this in detail and note the correct firmware version that fixes it for everyone. Honestly can't believe this has gone on for so long. I have a ticket open but they haven't yet replied. Frankly not a good reflection on Fortinet.
Replying to you PM, yes enabling DTLS on my client works but it doesn't solve the bandwidth problem. I'm running the the same versions as you.
Duncan wrote:PM'ed you the ticket number. The ticket has been escalated to development as we've proven a bug in FortiGate.
FYI, the support tech and I tried IPsec, lowing TLS version and cypher and hardware acceleration with no avail.
Last week FortiOS 6.0.3 was released so I am planning to install that tonight. I'll let you know the results.
Tell please, did you install new firmware? Problem with low speed actually?
Yes I did install it. Unfortunately it made not difference to the VPN performance.
i have the same issue using openssl vpn and very slow access to my server
VPNs are great for protecting your privacy and seeping your data secure, but almost all VPNs come with one major downside: they slow down your internet connection. Many VPNs slow you down as much as 50%. This can make trying to stream a movie or have a video chat almost impossible
If you search the help pages on any VPN service they will tell you to check the same things when trying to fix a slow VPN experience:
[ul]Reading the same advice over and over again can make you feel like you are the problem. But, the truth is most of the time your router is fine, your ISP is delivering the speed it promised, and you are using the closest server.
We just hit this same issue attempting an upgrade of a 201E from 5.6.x to 6.0.3. Even though the spoke sites had been upgraded already, when we upgraded the hub site to match, it killed VPN performance across the board. Throughput dropped by a factor of 10. As a last gasp, we upgraded to 6.0.4 and the issue was resolved. Performance was back to normal. We were even able to upgrade to CHACHA20POLY1305-PRFSHA512 encryption across the board with no decrease in performance.
The release notes mention a bugfix, specifically 515375, regarding the VPN going down randomly. But whatever was causing these drops must have also been a cause of the poor performance.
It's better to talk directly to the services provider. They can resolve the issue.
So we have the same issues on a couple of devices. FortiGate 60E, 100E, 200E, Running OS 6.0.4, 5.6.x and so on. Tried with DTLS, no change. Also no Bandwidth issues on both sites. Upload through SSL VPN stuck at 355 KB/s.
Are there any news regarding this issue?
We're in the process of migrating some SRX/SSG hub sites that terminate to a SSG140 over to a Fortinet 100e.
We migrated a site with newer SRX300 and SMB file copy IPsec tunnel performance is as expected in both directions.
Migrated a site with an old SSG5 and SMB file copy IPsec tunnel performance is as expected in both directions.
Migrated a site with a SRX220h and SMB file copy IPsec download to site is as expected. Upload from site appears to max out at the exact 355kbps speed.
Current 100e firmware is: v6.2.3 build1066 (GA)
*Update: So i logged into an RDP session @ the remote site and did a download test from Hub site and got the expected performance. Did an Upload to a server @ Hub site and it was close to 10x faster. Closer to what it should be, but not quite.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1679 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.