  • Status: Solved
  • Priority: Medium
  • Security: Public

FortiNet firewall

We have a FortiNet firewall that works just fine with our 70Mbps connection with Brighthouse.

We wish to test a 150Mbps FIOS connection.

I reconfigured WAN1 with the FIOS IP Address/Subnet mask, set the Options to the FIOS DNS servers.

Throughput is hideous...  takes forever for a page to load... sometimes it won't at all.

If we try and go to Fedex.com we'll either get a Bing "can't find this address" error or the page loads text only or we'll see that the site (fedex.com) has certificate issues.  All of this goes away if we put Brighthouse back online.

Testing FIOS independent of the FortiNet shows close to the 150Mbps speed.
Asked by: classnet
1 Solution
 
Soulja Commented:
What model? It sounds pretty much like that firewall cannot handle the WANtoLAN/LANtoWAN throughput.
 
classnet (Author) Commented:
Soulja...

It is a FortiGate 60C.  The docs read "Delivers market-leading 1 Gbps firewall throughput with 2 GbE WAN and 5 GbE switched LAN interfaces"

Is this what you mean?
 
Craig Beck Commented:
60C will handle a 150Mbps line easy.

Have you tried hard-setting the speed/duplex on the port where the FortiGate connects?
 
classnet (Author) Commented:
Not sure what/how to hard-set the speed...
 
Craig Beck Commented:
Set the port to 1Gbps/Full on the router/switch that the Fortigate connects to.
 
classnet (Author) Commented:
The FortiGate connects to a 10/100 switch.  Cannot set the ports on that switch.
 
Craig Beck Commented:
Ok so first issue... connecting a 150Mbps internet service to a 100Mbps switch.  That immediately cuts 50Mbps off your internet service.

Second issue... the Fortigate might not be able to negotiate with the switch properly.  If you check the port stats on the Fortigate when it's connected to the switch it's probably running at 10Mbps, half-duplex.

I'd connect it directly to the internet router, or to a gigabit switch.
 
classnet (Author) Commented:
I appreciate the input craigbeck... strange how the 150Mbps is so bad and the 70Mbps isn't.
 
Craig Beck Commented:
A pleasure... :-)

If negotiation doesn't work (so the fortigate drops to 10/half) you'll get a really poor service - much worse than the 70Mbps because the port is only working at 10Mbps in one direction at a time.

Just something else to check... if you're using the same cables and just switching them between the 150 and 70Mbps service, make sure the cables have all four pairs connected correctly.  Autonegotiation will definitely fail on a gigabit port if only two pairs are connected.
 
Soulja Commented:
Leaving out the fact you are connecting to a 10/100 switch is a pretty important piece of information. That is obviously your bottleneck. Even if you negotiate at 100 full, that 70 Mbps is about the most you will get.
 
classnet (Author) Commented:
So you think that moving from a 70Mbps connection to a 150 will show much (much) slower speed?  Doesn't make sense. I'd expect at least equal performance.
 
Soulja Commented:
All I am saying is that that 10/100 switch is your bottleneck if it's anywhere in the path of your fortinet and your end hosts.

But the symptoms you describe could very well be a duplex issue as Craig stated.
 
classnet (Author) Commented:
Turned out to be a Gateway issue.

Needed to set Router | Static | Static Router to the FIOS Gateway
 
classnet (Author) Commented:
Solved myself
0
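
The fix reported in the last comments (a static default route to the new ISP gateway), together with the link-negotiation check suggested earlier in the thread, written as FortiOS CLI. This is an added example, not part of the original thread; the route ID 1 and the gateway address 203.0.113.1 are placeholders, and the interface name wan1 is assumed from the question.

```fortios
# 1. Check what each physical port actually negotiated (speed and duplex)
get system interface physical

# 2. List the configured static routes and the active routing table.
#    A default route still pointing at the old ISP gateway shows up here.
show router static
get router info routing-table all

# 3. Point the default route at the new ISP gateway on wan1
#    (route ID 1 and 203.0.113.1 are placeholders; edit the existing
#    default-route entry rather than adding a second one)
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 203.0.113.1
        set device "wan1"
    next
end

# 4. Confirm the default route is installed, then test reachability
#    of the gateway (placeholder address again)
get router info routing-table all
execute ping 203.0.113.1
```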
