Hi.
I have a FG 100D. It was on fortios 5.4.1 but fortinet support advised me to upgrade to the latest build 5.6.1
So 5.6.1 we are now.
I created a new forticlient ipsec test tunnel with the wizard. No UTM are aplied on the policies used.
This tunnel works but when I copy files over this tunnel the connection is slow and unstable.
I have a 250/30 internet connection but downloading a file from the file server at the remote location is very slow (5mbit).
So can anyone help me to solve this problem?
There is no silver bullet to pin-point this type of performance issue easily so I'll through out some things you need to consider when you troubleshoot like this.
[ul]
The bottom line is FortiGate's VPN itself is unlikely the cause. We dealt with many cases like yours for our customers. Most of them are the first one or the second issue. Good luck!
hi thanks for all the suggestions.
I started with your remark 'The bottom line is FortiGate's VPN itself is unlikely the cause'
So i setup a simple ftp server, forwarded a port and tested the speed without vpn.
And the speed is the same as I get with vpn.
So it's no VPN issue.
It's also no SMB issue as I have the same result with FTP.
I also tested the speed to another server on the remote network. Same speed so it's no problem with the remote server I was testing with.
I tested the speed between those two servers on the remote network and I get 900mbit/sec so thats also not the problem. So it's also no issue with the duplex settings on this switch I guess? (the switch being the fortigate here for both servers)
The test site and remote site are only 10km away from each other and are with the same ISP. Speed tests on remote site 230/30, on the test site 200/30. I also tested from another site with a different ISP. same result.
No ping loss with vpn on or off.
thats what I got for now. The other suggestions I need to test.
But if anything I tested so far leads to other suggestions I am happy to hear them:)
tx!
small update:
I checked the wan port and it's on auto negotiate with the current being 1000mbps full duplex.
ISP confirmed this is correct. When I had them on the phone I told them about my problem.
They noticed that I had some upstream loss and said this 'could' be whats causing my problem.
Tomorrow morning they send a technician to check the line.
updating this thread when I have more news.
So the isp technician did some minor adjustments and it 's a bit better but far away from good.
I concentrated on DUPLEX mismatch.
So I got the Client, the FG wan1 port, a vlan interface (created on the internal) and the server.
Everything but the internal is FULL DUPLEX 1000mbps The internal is on HALF-DUPLEX. I missed that one because the test FTP VIP is from wan to vlan and those are both full duplex and the internal interface is showing 'PHY Link down'
internal interface is a hardware switch on this FG.
Should I reconfigure the internal interface and how do i do this?
some extra info:
show system interface internal config system interface edit "internal" set vdom "root" set ip 10.0.110.2 255.255.255.0 set vlanforward enable set type hard-switch set stp enable set fortiheartbeat enable set snmp-index 11 next end
show system interface internal VLAN10DATA config system interface edit "VLAN10DATA" set vdom "root" set ip 10.10.0.2 255.255.255.0 set role lan set snmp-index 12 set interface "internal" set vlanid 10 next end
show system interface wan1 config system interface edit "wan1" set vdom "root" set ip x.x.x.x 255.255.255.248 set vlanforward enable set type physical set weight 90 set snmp-index 1 next end
diagnose hardware deviceinfo nic internal Description Fortinet 100D Ethernet Driver System_Device_Name internal State up Link up PHY Link down Speed 0 Duplex half port: 0 def vid 4075 cur_vid 4075 netdev_running 1 stp: 0 mac_bypass 0 pci_rx 0 Rx_Packets 271120503 Tx_Packets 279265426 Rx_Bytes 269874146612 Tx_Bytes 283884223255
diagnose hardware deviceinfo nic wan1 Driver_Name e1000e Driver_Version 3.2.4.2-NAPI MAC_Type 3 IRQ 16 System_Device_Name wan1 State up
Link up Speed 1000 Duplex full
PHY_Media_Type 1 Autoneg 1 MTU_Size 1500 Max_Frame_Size 1522/9234
Interrupt_Mode MSI-X Interrupt_Throttle_Rate 20000 Rx_Descriter 256 Tx_Descriter 256
Statistics rx_packets 66349708 tx_packets 46453923 rx_bytes 49191573663 tx_bytes 38008075387 rx_broadcast 14884 tx_broadcast 22 rx_multicast 128883 tx_multicast 1 rx_errors 0 tx_errors 0 tx_dropped 0 multicast 128883 collisions 0 rx_length_errors 0 rx_over_errors 0 rx_crc_errors 0 rx_frame_errors 0 rx_no_buffer_count 17464 rx_missed_errors 6607 tx_aborted_errors 0 tx_carrier_errors 0 tx_fifo_errors 0 tx_heartbeat_errors 0 tx_window_errors 0 tx_abort_late_coll 0 tx_deferred_ok 0 tx_single_coll_ok 0 tx_multi_coll_ok 0 tx_timeout_count 0 tx_restart_queue 0 rx_long_length_errors 0 rx_short_length_errors 0 rx_align_errors 0 tx_tcp_seg_good 0 tx_tcp_seg_failed 0 rx_flow_control_xon 0 rx_flow_control_xoff 0 tx_flow_control_xon 0 tx_flow_control_xoff 0 rx_csum_offload_good 61971234 rx_csum_offload_errors 0 rx_header_split 0 alloc_rx_buff_failed 0 tx_smbus 0 rx_smbus 0 dropped_smbus 0 rx_dma_failed 0 tx_dma_failed 0 rx_hwtstamp_cleared 0 uncorr_ecc_errors 0 corr_ecc_errors 0 tx_hwtstamp_timeouts 0
What is the speed of the pipe (both download and upload) at each location?
Mike Pruett
Speed test on remote site 230/30, on the test site 200/30
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.