Solved

FortiNet firewall

Posted on 2013-10-30
Last Modified: 2013-11-11
We have a FortiNet firewall that works just fine with our 70Mbps connection with Brighthouse.

We wish to test a 150Mbps FIOS connection.

I reconfigured WAN1 with the FIOS IP Address/Subnet mask, set the Options to the FIOS DNS servers.

Throughput is hideous...  takes forever for a page to load... sometimes it won't at all.

If we try and go to Fedex.com we'll either get a Bing "can't find this address" error or the page loads text only or we'll see that the site (fedex.com) has certificate issues.  All of this goes away if we put Brighthouse back online.

Testing FIOS independent of the FortiNet shows close to the 150Mbps speed.
Question by:classnet
14 Comments
 
LVL 26

Expert Comment

by:Soulja
ID: 39613104
What model? It sounds pretty much like that firewall cannot handle the WANtoLAN/LANtoWAN throughput.
0
 

Author Comment

by:classnet
ID: 39613119
Soulja...

It is a FortiGate 60C.  The docs read "Delivers market-leading 1 Gbps firewall throughput with 2 GbE WAN and 5 GbE switched LAN interfaces"

Is this what you mean?
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39615165
60C will handle a 150Mbps line easy.

Have you tried hard-setting the speed/duplex on the port where the FortiGate connects?
0
 

Author Comment

by:classnet
ID: 39615179
Not sure what/how to hard-set the speed...
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39615186
Set the port to 1Gbps/Full on the router/switch that the Fortigate connects to.
0
 

Author Comment

by:classnet
ID: 39615202
The FortiGate connects to a 10/100 switch.  Cannot set the ports on that switch.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39615210
Ok so first issue... connecting a 150Mbps internet service to a 100Mbps switch.  That immediately cuts 50Mbps off your internet service.

Second issue... the Fortigate might not be able to negotiate with the switch properly.  If you check the port stats on the Fortigate when it's connected to the switch it's probably running at 10Mbps, half-duplex.

I'd connect it directly to the internet router, or to a gigabit switch.
0
 

Author Comment

by:classnet
ID: 39615220
I appreciate the input craigbeck... strange how the 150Mbps is so bad and the 70Mbps isn't.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39615230
A pleasure... :-)

If negotiation doesn't work (so the fortigate drops to 10/half) you'll get a really poor service - much worse than the 70Mbps because the port is only working at 10Mbps in one direction at a time.

Just something else to check... if you're using the same cables and just switching them between the 150 and 70Mbps service, make sure the cables have all four pairs connected correctly.  Autonegotiation will definitely fail on a gigabit port if only two pairs are connected.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39615417
Leaving out the fact you are connecting to a 10/100 switch is a pretty important piece of information. That is obviously your bottleneck. Even if you negotiate at 100 full, that 70 Mbps is about the most you will get.
0
 

Author Comment

by:classnet
ID: 39615446
So you think that moving from a 70Mbps connection to a 150 will show much (much) slower speed?  Doesn't make sense. I'd expect at least equal performance.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39615487
All I am saying is that that 10/100 switch is your bottleneck if it's anywhere in the path of your fortinet and your end hosts.

But the symptoms you describe could very well be a duplex issue as Craig stated.
0
 

Accepted Solution

by:
classnet earned 0 total points
ID: 39628428
Turned out to be a Gateway issue.

Needed to set Router | Static | Static Router to the FIOS Gateway
0
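An added example, not part of the thread and not Fortinet tooling: a small Python check for the condition the accepted solution points to, a static route whose gateway is not on the subnet of the interface it leaves through after the WAN address has been changed. The sample config is constructed with documentation-range addresses, the idea that the route still pointed at the previous ISP's gateway is an assumption, and the parser handles only flat config/edit/set blocks.

```python
import ipaddress
import re

# Constructed sample in FortiOS config syntax (documentation-range addresses):
# wan1 carries the new ISP's address, the static route still uses an old gateway.
SAMPLE_CONFIG = '''
config system interface
    edit "wan1"
        set ip 198.51.100.10 255.255.255.0
    next
end
config router static
    edit 1
        set device "wan1"
        set gateway 203.0.113.1
    next
end
'''

def parse_sections(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    sections, section, entry = {}, None, None
    for raw in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', raw)]
        if not tok:
            continue
        if tok[0] == "config":
            section, entry = " ".join(tok[1:]), None
            sections.setdefault(section, {})
        elif tok[0] == "edit" and section is not None:
            entry = sections[section].setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
    return sections

def off_link_gateways(text):
    """Return (route_id, device, gateway) for gateways outside the device's subnet."""
    cfg, nets = parse_sections(text), {}
    for name, kv in cfg.get("system interface", {}).items():
        if len(kv.get("ip", [])) == 2:  # skip DHCP/unnumbered interfaces
            nets[name] = ipaddress.ip_interface("/".join(kv["ip"])).network
    bad = []
    for rid, kv in cfg.get("router static", {}).items():
        dev, gw = kv.get("device", [None])[0], kv.get("gateway", [None])[0]
        if dev in nets and gw and ipaddress.ip_address(gw) not in nets[dev]:
            bad.append((rid, dev, gw))
    return bad
```

Run `off_link_gateways()` over a saved configuration backup after re-addressing a WAN port; an empty list means every static route's gateway is reachable on its own interface.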
 

Author Closing Comment

by:classnet
ID: 39638306
Solved myself
0
