Our customer got an upgrade from their ISP and with that a new modem. Now the internet speedtests show 3 mbps down and 10 up. If we plug a computer directly to the modem, we get 100 mbps down and 10 up.
One strange thing is that if we use the ISP's own speedtest, we get around 60 mbps down and 10 up through the Fortigate. We have spoken to the ISP and they claim the fault is in our equipment. I have checked the wan port and there is no custom MTU settings applied. Speed of wan interface is 1000 mbps and full duplex.
Description Marvell NETA Gigabit Ethernet driver 00000010
System_Device_Name wan
Current_HWaddr 70:4c:a5:22:11:61
Permanent_HWaddr 70:4c:a5:22:11:61
State up
Link up
Speed 1000
Duplex full
Rx_Packets 26878
Tx_Packets 24300
Rx_Bytes 19236130
Tx_Bytes 8121040
if=wan family=00 type=1 index=4 mtu=1500 link=0 master=0
ref=146 state=off start fw_flags=0 flags=up broadcast run allmulti multicast
Qdisc=mq hw_addr=70:4c:a5:22:11:61 broadcast_addr=ff:ff:ff:ff:ff:ff
stat: rxp=28972 txp=26276 rxb=20229781 txb=8594900 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=146
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Team,
Could you confirm the CPU and memory utilization you are seeing on gui.
Could you please create a plain firewall policy for a single machine, keep the policy above all the rules and test the speed.
Also please execute the below commands to check if there are any drops at interface level
#diag hardware device info port name
#fnsysctl ifconfig wanport
#get system performance status
#diag sys top
Also, let us know if you have configured any traffic shaping policy
I don't think there are any big bandwidth consumers on the network. The test results are very consistent. There are no traffic shapers being applied.
wan Link encap:Ethernet HWaddr 70:4C:A5:22:11:61
inet addr:62.16.163.116 Bcast:62.16.163.255 Mask:255.255.255.0
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:1401626 errors:0 dropped:0 overruns:0 frame:0
TX packets:883533 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:1578368022 (1.5 GB) TX bytes:191556583 (182.7 MB)
Interrupt:194
CPU states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU0 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU1 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
Memory: 1030440k total, 415892k used (40.4%), 602084k free (58.4%), 12464k freeable (1.2%)
Average network usage: 300 / 297 kbps in 1 minute, 652 / 665 kbps in 10 minutes, 621 / 413 kbps in 30 minutes
Average sessions: 318 sessions in 1 minute, 274 sessions in 10 minutes, 299 sessions in 30 minutes
Average session setup rate: 1 sessions per second in last 1 minute, 1 sessions per second in last 10 minutes, 0 sessions per second in last 30 minutes
Virus caught: 0 total in 1 minute
IPS attacks blocked: 0 total in 1 minute
Uptime: 0 days, 8 hours, 38 minutes
Run Time: 0 days, 8 hours and 39 minutes
0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 1006T, 585F
httpsd 405 S 0.9 1.8
dnsproxy 239 S 0.4 3.9
cw_wtpd 245 S 0.4 1.6
httpsd 1447 S 0.4 1.4
newcli 1468 R 0.4 0.5
cmdbsvr 104 S 0.0 2.4
pyfcgid 1173 S 0.0 2.2
pyfcgid 1177 S 0.0 1.9
sslvpnd 221 S 0.0 1.8
httpsd 209 S 0.0 1.8
cw_acd 242 S 0.0 1.8
httpsd 281 S 0.0 1.8
miglogd 207 S 0.0 1.7
httpsd 1453 S 0.0 1.5
pyfcgid 1175 S 0.0 1.5
pyfcgid 1176 S 0.0 1.5
forticron 216 S 0.0 1.3
httpsd 1465 S 0.0 1.3
fgfmd 241 S 0.0 1.1
httpsd 1466 S 0.0 1.1
Hi CCST,
Please make sure your testing is as below:
PC <<>> Fortigate <<>> Modem ISP
Means, the testing is between this 3 devices only. No switch, no Access point.
1 PC direct connect to the Fortigate and run the speed test again.
Make sure Policy IPv4 did not enable with any security profiles.
Please let me know your finding so we can proceed further.
Created on 06-15-2022 03:05 AM Edited on 06-15-2022 03:06 AM
I will try that later when I am on-site.
However I can monitor bandwidth usage in FortiView. I have monitored WAN for idle periods and then ran a speedtest from local server. I then see that the test consumes about 3 Mbps of bandwidth and after the test completes, the WAN interface is again idle. This to me indicates that there is nothing else fighting for the available bandwidth.
Remaining suspects are a broken cable between modem and FGT or perhaps a loop or something else creating network noise, but then I would have expected it to show up on interface statistics. There is also the fact that test speed is much better when using ISP's own speedtest.
I will update after on-site visit.
Hi CCST,
Yes, broken cable, loop, can lead to your issue too.
The best way is to minimize possibilities and connect direct to the Fortigate.
Hope to have your finding soon. :)
Created on 06-16-2022 12:12 AM Edited on 06-16-2022 12:13 AM
I just got the results from disconnecting everything from the FGT:
Directly connected to modem | In | Out |
speedtest.net | 105 | 10 |
fast.com | 100 | |
broadbandspeedchecker.co.uk | 100 | 10 |
Through FGT, only 1 PC | In | Out |
broadbandspeedchecker.co.uk | 67,00 | 10 |
speedtest.net | 3,00 | 10 |
54,00 | 10 | |
speed.io | 2,30 | 10 |
openspeedtest.com | 66,00 | 10 |
bredbånd.no | 1,80 | 10 |
What could be causing these very differing results through the FGT?
Hi CCST,
Thank you for the update.
Some speedtest website use javascript and do simultaneous download and not really accurate. I would suggest to use HTML5 speedtest like openspeedtest.com .
May i know, are you using PPPOE or static ip on the FortiGate.
I can see you are using model FWF30E. If you are using PPPOE, please consider to use static IP. Lower end model basically did not have enough capability to handle PPPOE for high bandwidth.
It is a dynamically assigned IP from the ISP (no NAT). It is not PPPOE.
Hi CSST,
I wish you can get a proper support on this. Do you mind to call Fortinet support?
Here is Fortinet hotline: number: https://www.fortinet.com/support/contact.html
Hope your case can be solve soonest.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.