Hi everyone. Thanks in advance for any help you can provide.
We have a Fortigate 90D and a 50Mbps (up and down) connection at our office. The speed test at http://speedof.me/ came up at approx 37Mbps up and down, which is fine, as I ran the test in the middle of the workday. HOWEVER, downloading files and other web activity can be painfully slow, sometimes as slow as 100KBps (!). I look at the bandwidth graph on the 90D and I see nothing to suggest that something is hogging bandwidth. The CPU is hovering around 10%.
Sometimes, downloads are fine. I downloaded a VMWare iso at 2.4MBps. Other times, the downloads are awful. I tried downloading a Windows Service Pack and it went at about 200KBps.
Any thoughts? I will provide whatever details I can.
hi,
one reason for slow speeds on a fast line can be a mismatch of the MTU. If IP packets are larger than the MTU they need to be fragmented which can cause latency.
Your ISP should give you information on the kind of connection and if there is a smaller MTU used than 1518 bytes.
Thanks! I will ask.
If you have any UTM features (mainly virus scanning) enabled on the policy covering the affected traffic, keep in mind that the fgt will try to buffer the entire file to its max buffer size limit (usually 10 MB) before "releasing" it or dropping it (based on what is the default action). (At least in proxy mode.) This virus scanning does "slow down" the transfer rate; Fortinet used to publish actual "Antivirus Throughput" data on their datasheets, but it appears to be "removed" from later models and/or balled into their NGFW throughput data.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
The proxy introduces a delay but does (ideally) not reduce the throughput. The data will be released to the host after scanning has finished at wirespeed.
Boils down to reasonable benchmark parameters: data sizes larger than any internal buffers (>> 10 MB), duration longer than any intermediate scanning delays (couple of minutes should do). The hardware in question is capable enough for 50 Mbps even with UTM features enabled.
Lately we've seen in the forums that PPPoE is handled by CPU in the current firmware versions which can bog down the CPU significantly. But that doesn't seem to be involved here.
Antivirus throughput is still there on the datasheets - it's called IPS now.
@rpedrica: are you replying to the wrong thread? https://forum.fortinet.com/tm.aspx?m=132959 is better suited.
If so, you can delete your post from here using "Manage".
But even then, IPS is not AV - flow-based AV uses the IPS engine but that's not the same. As a coarse measure (rather, an upper limit) you can look at the IPS throughput if you want to evaluate the (flow-based) AV throughput.