Hi All,
Recently we have been bombarded with many queries regarding whether this or that FortiGate model can get this kind of speed (500Mbps or 800Mbps) when using PPPoE.
Most of the queries come from customers that use a range of models from 50 to 100 (D, C, and F).
Following KB and forums, we ask them to do many things such as:
1. checking MTU size,
2. verify interface speed,
3. either use UTM on the firewall policy or not,
4. verify if the ISP guarantees the speed
5. Can get the speed if using ISP's router
6. and more
Aside from needing to check and troubleshoot, is there any clear answer or baseline on which models can support 500Mbps/800Mbps? I read somewhere that this issue is related to the CPU of the firewall itself.
Let's say a customer wants to buy a new firewall to cater to a small office with at most 30-50 active users and ask if 60F or 80F is suitable and can reach 500Mbps/800Mbps.
Please advise
Thanks.
Regards
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Umar,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hi,
Thank you Anthony for the update.
Basically, the customer asks this kind of queries is when they are upgrading their internet line from low-speed internet to 500Mbps or 800Mbps.
I am not sure it is a good practice to advise them to use another router to perform dial-up PPPoE and put FortiGate behind (which is proven by multiple comments in the forums and my own test). I feel like the answer feels cheap coming from me as Fortinet's partner.
Thanks
Indeed: )!
I think with the baseline, we can give black and white proof to the customer about this case. If not, I will need to loan the same unit as my customer every time the query came (with a different unit of course) and set up it at my own house to test the speed with PPPoE dial-up.
Greetings Umar,
In short, with a PPPoE connection, you`ll be unable to utilize the hardware acceleration and therefore can`t expect high throughput.
The reason behind it is the fact that the PPPoE terminated in virtual interfaces where traffic is not able to be handled by hardware acceleration:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Interface-not-supported-by-NPU-Offload/ta-...
I would say there are two standard solutions to address this limitation:
1. Get rid of the PPPoE and convince the ISP to use static or DHCP addresses.
2. Use an upstream device that will terminate PPPoE and use a regular L3 connection from the upstream device towards to the Fortigate.
Ahmad
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.