A client did an upgrade to their bandwidth (50/50) and although download speeds are fine 50-52Mbps, upload speeds are always between 10-12Mbps (on any workstation/server).
If I connect a laptop directly do the ISPs ethernet cable I get 50Mbs up. Its only when connected via the FortiGate 60D.
I didn't setup this FortiGate initially. I tried disabling all policies except the default ones (no change). MTU is set to the default 1500. Should I mess with the MTU or TCP-MSS values? I read a couple of thread mentioning messing around with those value, but I'm not sure if it would help in this case. Like I mentioned download speeds reach 50-52Mbps easily, its the upload speed that are being capped for some reason.
My issue was in my LAN not between my switch and the fortigate. I suggest looking at every trunk link you have setup and making sure they are all:
switchport mode trunk
switchport nonegotiate
on both sides of the links
The config you use is the same as we use, but we do have a default route pointing to the interface of the fortigate. Also I would get rid of the portfast command. It probably will never matter, but in general it isn't a good idea to have portfast on interfaces that connect to other switches, routers, or firewalls.
So it was outside of the FortiGate, and LAN side?
Toshi
Yes, I had one end of an ether channel bundle set as both trunk and access. This was between my servers and my core switch stack.
Then when you compared the result with direct laptop hook up to the ISP router, you didn't hook up the same laptop directly to the FGT. That's very important comparing "apple to apple".
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2647 | |
| 1405 | |
| 810 | |
| 690 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.