?
Solved

Fortigate VPN Network Performance

Posted on 2013-12-22
16
Medium Priority
?
2,966 Views
Last Modified: 2014-02-23
Hello Guys,

I have network performance issue on my Fortigate 300A, I have 3 VPN Connections connected in 3 Different ways and having all different results.

We have 25 Mbps of bandwidth.

1) VPN Connected to Fortigate 60D which have 1 Mbps of connection getting copying speed at 1 Mbps which is satisfied.
2) VPN Connected to Pfsense which have 10 Mbps of connection and getting copying speed only at 50 Kbps
3) VPN Connected to Fortigate 100A which have 512 Kbps of connection getting copying speed only at 2Kbps.

Can you please help to troubleshoot the issue.


Regards,
Murtaza
0
Comment
Question by:msretailit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 3
  • 2
  • +1
16 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 39735801
What is the speed of the connections at the other end of the VPN?
0
 

Author Comment

by:msretailit
ID: 39735817
I have mentioned the speeds also.

Please check
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39735822
Is that the speeds both way or is that just download/upload?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:msretailit
ID: 39735828
Yes Speed is same for download and upload

We  have 25 Mbps download and upload link on Fiber

1) Connection speed is 1 Mbps download and upload.
2) Connection speed is 10 Mbps download and upload.
3) Connection speed is 512 Kbps download and upload
0
 
LVL 14

Expert Comment

by:JohnnyCanuck
ID: 39735914
Can you verify the connections by having them go to

http://www.speedtest.net/
0
 

Author Comment

by:msretailit
ID: 39735952
Yes its been as mentioned
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39735961
Disabled Anti-Virus on the PC's to test the transfer speeds?

Do you have any bandwidth management on the routers?
0
 

Author Comment

by:msretailit
ID: 39735971
No Antivirus on that machines.

We have Fortigate 300A and i am not doing any bandwidth management on that.

I am trying to copy from same machine which have access to all 3 Remote Locations.
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 39751156
I assume the lines at the remote sites are not under load when you did the performance tests ...
I also assume you do not have any speed limits configured on the  VPN connection.
Could this be an MTU-problem? Did you try running the sniffer to see whether you get any error packets? Are there any other CPE devices involved that might cause the low throughput? If there are any other devices, have you tried bypassing the firewall with a direct connection and measured throughput?
0
 

Author Comment

by:msretailit
ID: 39751163
I am still working on MTU problem, I have been told by FGT Support "MTU though the path is 1412 for the VPN. This is low. A better value is 1436 as you have for the other tunnels. Again, If the MTU stays at 1412, you are bound to experience the slowness because of the VPN fragmentation. This is expected. As discussed, the computers on either side of the tunnel will talk with an MTU of 1500, but, across the VPN tunnel the MTU is only 1412. So, there will be a bottleneck here. We can only work to get the best MTU possible on the VPN by contacting the ISP to give us a better route". But my ISP is too slow to support as FGT Support. I want to make sure from my FGT side that this is not problem from Firewall.
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 39751177
The MTU mostly depends on the type of line ... e.g., if you have a DSL line, you already lose part of the 1500 MTU to the PPPoE/PPPoA overhead ...
Also, please note that when packets need to be fragmented, the device that notices this will send an ICMP packet to the sending side ... if this packet does not get through (e.g. by blocking all ICMP traffic), you will notice degradation due to timeouts on the packet transmission ... so the actual fragmentation usually isn't the problem, but the timeouts are ...
For a test, try to configure either two machines on either side of a VPN to e.g. 1400 bytes MTU, then do the transfer between them ... if everything goes as expected, the MTU through the tunnel is the definite cause ...
0
 

Author Comment

by:msretailit
ID: 39751195
I will setup that and get back to you.
0
 

Accepted Solution

by:
msretailit earned 0 total points
ID: 39869618
Issue was with ISP
0
 

Author Closing Comment

by:msretailit
ID: 39880359
The issue was from ISP not related to Fortigate  VPN
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question