Solved

FortiNet firewall

Posted on 2013-10-30
Last Modified: 2013-11-11
We have a FortiNet firewall that works just fine with our 70Mbps connection with Brighthouse.

We wish to test a 150Mbps FIOS connection.

I reconfigured WAN1 with the FIOS IP Address/Subnet mask, set the Options to the FIOS DNS servers.

Throughput is hideous...  takes forever for a page to load... sometimes it won't at all.

If we try and go to Fedex.com we'll either get a Bing "can't find this address" error or the page loads text only or we'll see that the site (fedex.com) has certificate issues.  All of this goes away if we put Brighthouse back online.

Testing FIOS independent of the FortiNet shows close to the 150Mbps speed.
Question by:classnet
14 Comments
 
LVL 26

Expert Comment

by:Soulja
ID: 39613104
What model? It sounds pretty much like that firewall cannot handle the WANtoLAN/LANtoWAN throughput.
0
 

Author Comment

by:classnet
ID: 39613119
Soulja...

It is a FortiGate 60C.  The docs read "Delivers market-leading 1 Gbps firewall throughput with 2 GbE WAN and 5 GbE switched LAN interfaces"

Is this what you mean?
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39615165
60C will handle a 150Mbps line easy.

Have you tried hard-setting the speed/duplex on the port where the FortiGate connects?
0
 

Author Comment

by:classnet
ID: 39615179
Not sure what/how to hard-set the speed...
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39615186
Set the port to 1Gbps/Full on the router/switch that the Fortigate connects to.
0
 

Author Comment

by:classnet
ID: 39615202
The FortiGate connects to a 10/100 switch.  Cannot set the ports on that switch.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39615210
Ok so first issue... connecting a 150Mbps internet service to a 100Mbps switch.  That immediately cuts 50Mbps off your internet service.

Second issue... the Fortigate might not be able to negotiate with the switch properly.  If you check the port stats on the Fortigate when it's connected to the switch it's probably running at 10Mbps, half-duplex.

I'd connect it directly to the internet router, or to a gigabit switch.
0

 

Author Comment

by:classnet
ID: 39615220
I appreciate the input craigbeck... strange how the 150Mbps is so bad and the 70Mbps isn't.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39615230
A pleasure... :-)

If negotiation doesn't work (so the fortigate drops to 10/half) you'll get a really poor service - much worse than the 70Mbps because the port is only working at 10Mbps in one direction at a time.

Just something else to check... if you're using the same cables and just switching them between the 150 and 70Mbps service, make sure the cables have all four pairs connected correctly.  Autonegotiation will definitely fail on a gigabit port if only two pairs are connected.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39615417
Leaving out the fact you are connecting to a 10/100 switch is a pretty important piece of information. That is obviously your bottleneck. Even if you negotiate at 100 full, that 70 Mbps is about the most you will get.
0
 

Author Comment

by:classnet
ID: 39615446
So you think that moving from a 70Mbps connection to a 150 will show much (much) slower speed?  Doesn't make sense. I'd expect at least equal performance.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39615487
All I am saying is that that 10/100 switch is your bottleneck if it's anywhere in the path of your fortinet and your end hosts.

But the symptoms you describe could very well be a duplex issue as Craig stated.
0
 

Accepted Solution

by:
classnet earned 0 total points
ID: 39628428
Turned out to be a Gateway issue.

Needed to set Router | Static | Static Router to the FIOS Gateway
0
 

Author Closing Comment

by:classnet
ID: 39638306
Solved myself
0
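The accepted fix above (pointing the static route at the FIOS gateway) can be checked for in a configuration backup. The following is an added example, not code from the thread or from Fortinet: it parses a constructed FortiOS-style config and flags static routes whose gateway is not on the subnet of the interface they use. It assumes the fault was a route left pointing at a gateway outside the new WAN1 subnet and that the config has no nested `config` blocks; all addresses are documentation ranges.

```python
import ipaddress

# Constructed sample in FortiOS "show" syntax; addresses are documentation ranges.
SAMPLE_CONFIG = '''
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
    next
end
config router static
    edit 1
        set device "wan1"
        set gateway 198.51.100.1
    next
end
'''

def parse_section(config, header):
    """Return {entry: {key: [values]}} for one 'config <header>' block (no nesting)."""
    entries, current, active = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == f"config {header}":
            active = True
        elif active and line == "end":
            break
        elif active and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif active and line.startswith("set ") and current is not None:
            parts = line.split()
            current[parts[1]] = [p.strip('"') for p in parts[2:]]
    return entries

def off_link_gateways(config):
    """List (route_id, device, gateway) where the gateway is outside the device's subnet."""
    interfaces = parse_section(config, "system interface")
    findings = []
    for route_id, route in parse_section(config, "router static").items():
        device = route.get("device", [""])[0]
        gateway = route.get("gateway", [""])[0]
        ip_mask = interfaces.get(device, {}).get("ip")
        if not gateway or not ip_mask:
            continue  # route or interface lacks the data needed for the check
        network = ipaddress.ip_interface("/".join(ip_mask)).network
        if ipaddress.ip_address(gateway) not in network:
            findings.append((route_id, device, gateway))
    return findings

if __name__ == "__main__":
    print(off_link_gateways(SAMPLE_CONFIG))
```
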
