we have speed problem on vxlan over ipsec connection between FGT100F and FGT60F. The tunnel works fine and the traffic is ok but the speed of a simple test with iperf is about only 2MB/s. (both sites have 1Gb/s symmetrical IPS connection). Any suggestions?
The tests performed are the following: iperf tests from windows to windows on vxlan over ipsec via iperf with various windows sizes are always no higher than 15-20 Mbits/sec.
iperf tests from fortigate console (via "diagnose traffictest run" therefore excluding vxlan/ipsec) to the same windows pc on the other side gives the following results: with default settings no more than 30 Mbits/sec , with various windows sizes (until 8192k) I can get to 330Mbits/sec.
I tried with "diag traffictest" to PC on hardware interface but I get the same low result. and as you have seen "diag traffictest" to the same pc on software switch is capable of getting the desired results via windows size. ( vxlan is encapsulated on Loopback interface ).
i'm back to this problem. I ran further tests excluding the vxlan so now we have simple ipsec tunnel ( created with vpn sdwan wizard) but I still get the same speed (slow). I've tried various MTU/MSS configurations with no improve. Any suggestions on further tests I could do? Thanks,
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.