Fortigate firewall killing bandwidth

We have a Fortigate FG200D behind a dirty switch. We upgraded our ISP bandwidth from 50x50 to 1Gbx1Gb.
With a device plugged into the dirty switch I speed test about 850x850 consistently.

Behind the firewall my speed tests are 500x100 consistently.
I have disabled all web filtering, AV, IPS, etc. to test, and it doesn't make a difference filtering or not. Still the same degraded speed.

Anyone know what else I can test/check for the bottleneck?
DrPing Asked:
 
netcmh Commented:
Yup, work your way up the OSI model.

Do you have SSL inspection on?

Look at the traffic shaping option on Fortigate: http://cookbook.fortinet.com/traffic-shaping-bandwidth-54/ to see if you can dedicate bandwidth.

Are the ports coming from the Fortigate configured correctly on the switch?

netcmh Commented:
Can you help me understand "dirty switch"? Unmanaged/managed? Hub or switch?

Alex Green (3rd Line Server Support) Commented:
Replace the network cable between the firewall and the switch.
 
DrPing (Author) Commented:
Sorry... the dirty switch is unprotected, residing between the ISP and our firewall.

We have vendor equipment that resides in that unprotected space.

Alex Green (3rd Line Server Support) Commented:
ok, so replace the network cable to the firewall and whatever else it is. It could just be a kink in the cable causing the issue.

DrPing (Author) Commented:
Thanks Alex, that's a great suggestion.... We haven't replaced the cable because it's routed in a very difficult passage (elevator shaft).

However it's the same cable we used to plug a laptop into and got 850x850.

DrPing (Author) Commented:
Thanks netcmh,

"Do you have SSL inspection on?"
It was. I turned it off, and tested no difference (really had hopes when I saw it on lol)

"Look at the traffic shaping option on Fortigate"
No traffic shaping enabled.

"Are the ports coming from the Fortigate configured correctly on the switch?"
It's an unmanaged switch... and a laptop works well in that port. Not sure if that answers your question.

netcmh Commented:
Well, it might be indiscernible, but not having each HTTPS packet inspected would have helped. Have you tried a few different speed test sites? Try a few, with Flash, without Flash, CLI, etc. fast.com is one that Netflix recommends.

netcmh Commented:
Has the issue been resolved? Please help with housekeeping and close the ticket if resolved. If you have further questions, please ask.

DrPing (Author) Commented:
My apologies for letting this hang out there. We did figure it out, and maybe I felt too stupid to remember to update. The trouble was Symantec Anti Virus on all the PCs we were testing on. I don't know why Symantec is crippling bandwidth... didn't matter. That became someone else's problem. Thanks for your comments!
Question has a verified solution.