I have a 100 Mbps internet connection, and right after upgrading from 7.2.5 to 7.2.6 on my FortiGate-200F, the VPN dropped to max 30 Mbps. Does anyone else have this problem?
After reverting to 7.2.5 it went back to normal.
You mean SSL VPN or IPsec?
If site to site, has the remote node been updated to the same as well?
SSL-VPN. After connecting via FortiClient, transfer was capped at ~30 Mbps.
Hello @spzoz,
If you have a 100 Mbps link, then 30-50 Mbps is what you can get max through SSL VPN because of its bigger header size. However, if you were getting good speeds with 7.2.5, then check under the SSL VPN settings whether DTLS is enabled or not. By default it should be enabled, but please cross-check it. Also try to build a dial-up IPsec tunnel for testing and see if you get any better speeds.
#config vpn ssl settings
#show
Regards
Kumarv
I never had to enable that option. It's not the matter of breaking connection but transfer cap. After going back to 7.2.5, I had full 100 Mbps transfer back (with no settings change on FortiGate/FortiClient). It has to be a firmware problem.
Hi @spzoz
If you have a TAC ticket number, please share it. I will make a test lab based on the configuration. Thanks
Regards
Bill
I tested with a 200F using Windows with FortiClient connected to the firewall on 7.2.6 build 1575. Then I used SFTP to download/upload traffic to other computers. It worked well, with over 100M uploads and around 70M downloads. If you have a TAC ticket, please share it. I can test in the lab based on your configuration. Thanks
Regards
Bill
There's a known issue in 7.2.6. If data ingresses from a ten gig interface and leaves via a one gig (either single port or an aggregate), your throughput dies. Traffic in the opposite direction is not impacted.
We've had this on a couple of HA clusters which we've had to downgrade back to 7.2.5. We've raised a ticket with TAC, who don't seem to be treating it as an urgent bug (our ticket has been open for a week). 7.2.5 has its own set of issues (SD-WAN configurations get broken if you edit them), so we are not happy with this situation. We haven't been given the bug ID yet and it doesn't appear in the 7.2.6 known issues within the release notes. Frustrating.
This information is new to me—that traffic from 10G to 1G. We almost tested from 10G to 10G with various Hardware versions. Can you share what is your version? Or TAC ticket? We can get information from ticket and try it in our lab now. Thanks
RG/Bill
Hi Bill
Thanks for the response. We had this issue on 2 pairs of 200Fs running 7.2.6.
Both were in an HA cluster (Active / Standby).
Internal VLANs were connected to a single ten gig port (x1)
Outside ports (connected direct to ISP) were 2 x 1 gig copper ports (ports14/15) in an aggregate.
Our ISP termination is a 1 gig feed.
At 7.2.6 our download speed from ISP to LAN is 900 Mbps +
At 7.2.6 our upload speed from LAN to ISP is max 30 Mbps.
This has been tested using iperf3 (we have an iperf3 server direct on the Internet) using multiple parallel streams and also UDP and TCP. We have also tried uploading using HTTPS - same result.
We reverted to 7.2.5 and all performance issues go away and we get 900 Mbps in each direction with no other changes.
A search on Reddit also shows other people with the same problems at 7.2.6.
One example:
https://www.reddit.com/r/fortinet/comments/17xhigo/200f_wan_traffic_out_super_slow_since_726/