I don' t know who your ISP is, but Cablevision systems will throttle your bandwidth WAY back if they feel you have a server on their network (ask me how I know...). Transferring a large file or files (like I used to do to the photo lab I worked for) fits the pattern of a ' server' and they cut me down at the knees. Why I' m a FIOS customer now. My two cents

I did a test on the client machine to see what the tunnel did to my throughput.

To where did you do you test? Point-to-point using iperf? Or did you test to the internet meaning: Option 1: VPN Client>Internet (6 up/2 down)> Fortinet> Internet (6 up/2 down)> Bandwidth testing server/site or Option 2: VPN Client (not connected)>Internet (6 down/2 up)> Bandwidth testing server/site AKA This is a little difficult to explain in text... Internet bandwidth test tunneling through VPN: 6Mbit-overhead>6Mbit-overhead>2Mbit>6Mbit>2Mbit-overhead Anyway... use iperf to test throughput... use hrping to test latency... What you need is a piece of software that transfers a file and give you time of the operation... creatfil.exe (not a typo) is a tool that will make a file, but doesn' t give you a T0+ time stamp. iometer is a little crazy for this situation. maybe xcopy or robocopy have a switch that' ll give you time? First thing you should do is test with iperf. You' ll be quite sad what the throughput actually is... how many hops? no QoS over the internets :( Are you using the same isp? While not connected, run a tracert or a pathping to see how many hops you' re going through. If it' s the same ISP, the traffic may not leave their network. We use Cogent in NYC and will be using Cogent in Geneva, Switzerland; Cogent said that it won' t leave their network. Let me know how it goes. I' d be interested in an average of ten runs from both sides. Good luck, Matt

As Bob stated, if your TCP Maximum Transmission Unit is too large, lowering it will cut out the overhead on the Fortigate adjusting it (even though it' s safe to say your router is adjusting it). Usually MTU size on the internet is 1472. See determining your MTU (it' s really easy). Test MTU both to a host on the other side of the VPN, and to the internet (I would expect them to both be 1472, since both are traversing the Internets). Here' s some more points that I think you need to concentrate on: 1) Your internet bandwidth is going to be slow while tunneling over the VPN. 2) To solve this, configure split tunnel. 3) You seem to be actually concerned with SMB efficiency, which includes bandwidth, throughput and latency. Concentrate on making this more efficient, or simply determining if it is inefficient; because it doesn' t seem that you' ve solidly determined this yet. I' m on the edge of my seat over here. Let me know how it goes, Matt