- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Trouble with Ipsec vpn client behind fortigate
Dear Brothers
I have a draytek router vigor 2962 behind a fortigate , Fortigate conmected to internet using pppoe, draytek establish an ipsec tunnel to another fortigate (not behind NAT) of remote site, the vpn is connect OK, but the traffic is very slow when copy file from/to remote sites and hang after few minutes.
If i use my Draytek to connect directly to internet using pppoe instead of goin throught the fortigate as gateway then everything is ok, no problem,
So is there anyone here ever face of this pls kindly help.
I think that there is problem with draytek wan MTU and IKE MSS, but i adjust to many values and not helped
Thank you.
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @AntonyChen ,
Here is the best document to set certain values: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518
Also, if you see some kind of slowness, please try to disable offloading on the Firewall policy as well as on the tunnel, and see if that can increase the throughput.
Another troubleshooting step involves conducting an iperf test over the VPN connection. Furthermore, you can create a VIP (Virtual IP) on the FortiGate firewall and connect an internal device to run the iperf test. This approach can help identify potential issues affecting network performance.
By following the aforementioned troubleshooting steps, you can effectively pinpoint and address the issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @maulishshah
I will follow the document about mss value as well as offloading on FGT to see if it can help
