Hey guys,
Please bear with me here, as I work way more with couple other vendors, though I would say Im fairly verse when it comes to Fortinet : - ). Anyway, here is the scenario. Customer purchased 2 brand new 200F firewalls and we have really odd problem and my colleague (who btw is real Fortigate guru) are having heck of a time trying to fix this problem. Essentially, even if single person is connected to ssl vpn, responses to anything internal are real slow and ping times can go up to 2000 seconds. We tried failover, no luck, disabled assic offload for ssl vpn rule, tested multiple barebone forticlient versions (no luck), enabled DTLS tunnel option, same issue.
Now, there are only maybe 6-7 security rules configured, so its super basic. We even have TAC case open for this for about a week, but since they cant replicate it, guy suggested to try reboot the current primary firewall. I have no clue if that will help, as it has been up for only 35 days, but it would need to be scheduled with the customer.
Also, maybe worth pointing out, ssl vpn rule does NOT have any security profiles configured at all.
This week, I attempted things from below posts, but same issue persists.
Troubleshooting Tip: ‘SSL-VPN slow file transfer ... - Fortinet Community
Solved: SSL VPN poor speed - Fortinet Community
Fortigate slow SSL VPN throughput : r/networking (reddit.com)
Current version is 7.2.5
Any help/suggestions are welcome and highly appreciated!
Thanks so much in advance.
Kind regards.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Andy,
if TAC cannot replicate it, can you replicate it in a lab to be able to further troubleshoot it without having to ask the customer for maintenance windows?
Hey Danny,
Well, when I test this from my own work laptop or even my personal desktop, I have exact same issue.
Andy
Perfect. So reboot your lab firewall that shows the same symptoms and you are able to reply to TAC.
Im not connected to lab firewall. What Im saying is when I connect to their ssl vpn from my work laptop using forti client, I have exact same issue.
Created on 10-18-2023 07:02 AM Edited on 10-18-2023 07:05 AM
I understand that. In order to avoid asking your customer for a maintenance schedule I recommend that you first try to replicate the issue on a lab FortiGate. That's what I do for our customers all the time.. trying to replicate the issue.. then fixing it in the lab.. after solution has been found.. inform the customer and perform the change in the customers' production environment.
Setting up a lab is free and easy. Just download a FortiGate VM issue of the same FortiOS version that is in use at your customers' producation environment. Import the and adjust the configuration and ready to test.
See, thats the issue, we cant replicate it in our lab either...
Created on 10-18-2023 07:07 AM Edited on 10-18-2023 07:09 AM
Then I only see two options:
Let us see if they approve the reboot, it might help.
Hi, sorry for the late reply, I see 2 ways - Short one and Long one, I'd start with the Short.
Short:
Long:
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1709 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.