Hello, I have been struggling for some time now to fix an issue with a customer who has 3 FGT 90Ds on 3 different sites, with a full-mesh VPN between the sites. There is also an IPsec tunnel to Azure configured on each FortiGate.
The problem is that traffic over the VPN tunnels is very slow. What I have checked so far:
- IPsec traffic cannot be offloaded to a dedicated ASIC (the 90D only has a SoC processor)
- UTM filtering is only configured for outbound traffic, not for incoming tunnel traffic (to prevent packets from being inspected twice)
- CPU and memory load is normal
- MTU of the WAN interface is 1492 (so not the default 1500) and MTU of the IPsec tunnels is 1422 bytes
- monitoring the WAN interface on the dashboard doesn't show a WAN interface that is fully consumed
- AES encryption is used on the tunnels (less resource intensive than 3DES)
Does anyone have any suggestions?
Thank you and regards,