Fortigate firewall killing bandwidth

We have a Fortigate FG200D behind a dirty switch. We upgraded our ISP bandwidth from 50x50 to 1Gbx1Gb.
With a device plugged into the dirty switch I speed test about 850x850 consistently.

Behind the firewall my speed tests are 500x100 consistently.
I have turned disabled all web filtering, AV, IPS, etc to test, and it doesn't make a difference filtering or not. Still the same degraded speed.

Anyone know what else I can test/check for the bottle neck?
DrPingAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

netcmhCommented:
Can you help me understand "dirty switch"? Unmanaged/managed? Hub or switch?
0
Alex Green3rd Line Server SupportCommented:
Replace the network cable between the firewall and the switch.
1
DrPingAuthor Commented:
Sorry... the dirty switch is unprotected, residing between the ISP and our firewall.

We have vendor equipment that resides in that unprotected space.
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

Alex Green3rd Line Server SupportCommented:
ok, so replace the network cable to the firewall and whatever else it is. It could just be a kink in the cable causing the issue.
0
DrPingAuthor Commented:
Thanks Alex, that's a great suggestion.... We haven't replaced the cable because it's routed in a very difficult passage (elevator shaft).

However it's the same cable we used to plug a laptop into and got 850x850.
0
netcmhCommented:
Yup, work your way up the OSI model.

Do you have SSL inspection on?

Look at the traffic shaping option on Fortigate: http://cookbook.fortinet.com/traffic-shaping-bandwidth-54/ to see if you can dedicate bandwidth.

Are the ports coming from the Fortigate configured correctly on the switch?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DrPingAuthor Commented:
Thanks netcmh,

Do you have SSL inspection on?
It was. I turned it off, and tested no difference (really had hopes when i saw it on lol)

Look at the traffic shaping option on Fortigate
No traffic shaping enabled.

Are the ports coming from the Fortigate configured correctly on the switch?
It's an unmanaged switch... and a laptop works well in that port. Not sure if that answers your question.
0
netcmhCommented:
Well, it might be indiscernible, but not having each https packet inspected would have helped. Have you tried a few different speed test sites. Try a few, with flash, without flash, cli etc. fast.com is one that Netflix recommends.
0
netcmhCommented:
Has the issue been resolved? Please help with housekeeping and close the ticket if resolved. If you have further questions, please ask.
0
DrPingAuthor Commented:
My apologies for letting this hang out there. We did figure it out, and maybe I felt too stupid to remember to update. The trouble was Symantec Anti Virus on all the PC's we were testing on. I don't know why Symantec is crippling bandwidth... didn't matter. That became someone else's problem. Thanks for your comments!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Hardware-Other

From novice to tech pro — start learning today.