Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
52000cc
New Contributor

Created on ‎01-10-2025 01:03 AM

ipsec VPN issue

Could you advise if there are any methods to diagnose the quality of an IPsec VPN? I've noticed that the speed between my two site-to-site IPsec connections is quite slow. However, when I switch to OpenVPN, the speed returns to normal Could there be any settings that might be affecting this? Thanks.

Labels:
551
0 Kudos
8 REPLIES 8
kaman
Staff
Staff

Created on ‎01-10-2025 06:58 AM

Hi 52000cc,

You can check for NPU offloading settings: Check if NPU offloading is enabled or disabled.

- Drops on NPU chips: Look for any drops on the NPU chips.
- CPU/Memory utilization: Monitor the FortiGate's CPU and memory utilization for any anomalies.


Please refer to the below document on how to troubleshoot speed issue through IPsec tunnel using iperf tool:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-troubleshoot-speed-issue-through-IP...


I hope it helps!

Regards,
Aman

514
52000cc
New Contributor

Created on ‎01-10-2025 07:05 AM Edited on ‎01-10-2025 07:07 AM

Could you please let me know where to find the NPU offloading settings? Also, which command should be used to enable it? I am using the VM version, which does not have an NPU chip.Thanks

504
0 Kudos
52000cc
New Contributor

Created on ‎01-10-2025 06:29 PM

Below are the results of my iperf3 test. The reverse direction speed appears abnormal. Could you please advise if there is any misconfiguration causing this issue?

ipesec iperf3 test speed:
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.01 sec 218 MBytes 182 Mbits/sec sender
[ 5] 0.00-10.09 sec 217 MBytes 181 Mbits/sec receiver

ipesec iperf3 -R test speed:
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.01 sec 21.1 MBytes 17.7 Mbits/sec sender
[ 5] 0.00-10.01 sec 20.9 MBytes 17.5 Mbits/sec receiver

openvpn iperf3 test speed:
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.02 sec 161 MBytes 135 Mbits/sec sender
[ 5] 0.00-10.03 sec 161 MBytes 135 Mbits/sec receiver

openvpn iperf3 -R test speed:
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.02 sec 204 MBytes 171 Mbits/sec sender
[ 5] 0.00-10.02 sec 203 MBytes 170 Mbits/sec receiver

450
0 Kudos
52000cc
New Contributor

Created on ‎01-18-2025 08:16 PM

Can virtual machines support NPU? The command output shows npu_flag=00. Should I enable it, or is it not applicable?

359
0 Kudos
kaman
Staff
Staff

Created on ‎01-19-2025 12:36 AM

Hello @52000cc ,

The VM-based FortiGates do not have NPUs and rely on CPU processing for IPsec encryption and decryption.

Regards

346
0 Kudos
52000cc
New Contributor

Created on ‎01-19-2025 03:10 AM

Okay, so I don't need to adjust any NPU-related settings, right? Then what could be causing the issue, and which settings should I adjust?

334
0 Kudos
vbandha
Staff
Staff
In response to 52000cc

Created on ‎01-30-2025 06:25 AM

Hi @52000cc 

The NPU offloading does not happen in VM fortigate. 

 

Usually the issue is the speed between the two WAN links being slower than expected. 

You can test for this by doing Iperf test between WAN links of the two sides:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-troubleshoot-speed-issue-through-IP...

 

Regards, 

Varun

241
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.