Solved

Fortigate firewall killing bandwidth

Posted on 2017-08-31
Last Modified: 2017-09-28
We have a Fortigate FG200D behind a dirty switch. We upgraded our ISP bandwidth from 50x50 to 1Gbx1Gb.
With a device plugged into the dirty switch I speed test about 850x850 consistently.

Behind the firewall my speed tests are 500x100 consistently.
I have disabled all web filtering, AV, IPS, etc. to test, and it doesn't make a difference filtering or not. Still the same degraded speed.

Anyone know what else I can test/check for the bottleneck?
Question by:DrPing
10 Comments
 
LVL 21

Expert Comment

by:netcmh
ID: 42277038
Can you help me understand "dirty switch"? Unmanaged/managed? Hub or switch?
0
 
LVL 14

Assisted Solution

by:Alex Green
Alex Green earned 1500 total points
ID: 42277127
Replace the network cable between the firewall and the switch.
1
 

Author Comment

by:DrPing
ID: 42277129
Sorry... the dirty switch is unprotected, residing between the ISP and our firewall.

We have vendor equipment that resides in that unprotected space.
0
 
LVL 14

Expert Comment

by:Alex Green
ID: 42277131
ok, so replace the network cable to the firewall and whatever else it is. It could just be a kink in the cable causing the issue.
0
 

Author Comment

by:DrPing
ID: 42277158
Thanks Alex, that's a great suggestion.... We haven't replaced the cable because it's routed in a very difficult passage (elevator shaft).

However it's the same cable we used to plug a laptop into and got 850x850.
0
 
LVL 21

Accepted Solution

by:
netcmh earned 1500 total points
ID: 42277159
Yup, work your way up the OSI model.

Do you have SSL inspection on?

Look at the traffic shaping option on Fortigate: http://cookbook.fortinet.com/traffic-shaping-bandwidth-54/ to see if you can dedicate bandwidth.

Are the ports coming from the Fortigate configured correctly on the switch?
0
 

Author Comment

by:DrPing
ID: 42277282
Thanks netcmh,

Do you have SSL inspection on?
It was. I turned it off, and tested no difference (really had hopes when I saw it on lol)

Look at the traffic shaping option on Fortigate
No traffic shaping enabled.

Are the ports coming from the Fortigate configured correctly on the switch?
It's an unmanaged switch... and a laptop works well in that port. Not sure if that answers your question.
0
 
LVL 21

Expert Comment

by:netcmh
ID: 42277460
Well, it might be indiscernible, but not having each https packet inspected would have helped. Have you tried a few different speed test sites? Try a few, with flash, without flash, cli etc. fast.com is one that Netflix recommends.
0
 
LVL 21

Expert Comment

by:netcmh
ID: 42294613
Has the issue been resolved? Please help with housekeeping and close the ticket if resolved. If you have further questions, please ask.
0
 

Author Comment

by:DrPing
ID: 42312898
My apologies for letting this hang out there. We did figure it out, and maybe I felt too stupid to remember to update. The trouble was Symantec Anti Virus on all the PCs we were testing on. I don't know why Symantec is crippling bandwidth... didn't matter. That became someone else's problem. Thanks for your comments!
0


Question has a verified solution.
