Mahmoud Al Jundi
asked on
Slow Download
Dear All,
I have Broadband connection (PPPoE) with 500Mbps upload/download, I connect to fortigate UTM in in order to initiate the connection, the issue when I do a speed test, I receive 70 Mbps Download and 500 Mbps upload !!! so tried the following :
- tried to initiate the connection directly using PPPoE connection on my Windows 7 laptop and Windows 8 desktop I get 70 Mbps download
- The ISP technician came with windows 10 laptop when connects directly the speed test is full 500/500
- When ISP technician connects his laptop to our LAN, the download is 70 Mbps !!
- Network switch and cabling supports 1.0 Gbps
The ISP told me needs to check your internal network , what do you suggest ?
Check the full specs of the Fortigate UTM
Cheaper models have slow CPUs, if you enable ALL forms of scanning, you will reach your download limit fast.
Especially if the UTM was from before fiber was available everywhere, 70Mbps ADSL probably didn't exist, and consumers and small businesses wouldn't complain at all.
But with higher speeds available, you really need to read the fine prints of ALL consumer/small business and even some enterprise UTM solutions. Find the CPU power, and maximum throughput regarding VPN sessions and overall bandwidth with all scanning enabled. If specs are vague, IT'S ON PURPOSE (so you can't complain later on). Only Enterprise grade high priced devices will have full specs available.
Cheaper models have slow CPUs, if you enable ALL forms of scanning, you will reach your download limit fast.
Especially if the UTM was from before fiber was available everywhere, 70Mbps ADSL probably didn't exist, and consumers and small businesses wouldn't complain at all.
But with higher speeds available, you really need to read the fine prints of ALL consumer/small business and even some enterprise UTM solutions. Find the CPU power, and maximum throughput regarding VPN sessions and overall bandwidth with all scanning enabled. If specs are vague, IT'S ON PURPOSE (so you can't complain later on). Only Enterprise grade high priced devices will have full specs available.
did you enable internet protection scanning and internet prevention scanning ids or idp
both of these will overload some lower quality devices to a crawl.
both of these will overload some lower quality devices to a crawl.
You mentioned, "When ISP technician connects his laptop to our LAN, the download is 70 Mbps !!"
This suggests your network is the bottleneck.
1) So you'll start with an Ethernet connection, as you did.
Then start adding 1x piece of gear at a time, doing a speed test.
2) Next test would be to move your Ethernet cable from your ISP modem, to your first switch (ahead of your WiFi).
3) Next test your machine next to a WiFi hub.
4) Next test your machine next to a WiFi repeater.
This type of testing is dirt simple, just takes time.
What you're doing is... connecting to one piece of gear at a time to determine the exact place in your network where speed drop occurs.
Once you know the weak point, you can determine how to fix the weak point.
This suggests your network is the bottleneck.
1) So you'll start with an Ethernet connection, as you did.
Then start adding 1x piece of gear at a time, doing a speed test.
2) Next test would be to move your Ethernet cable from your ISP modem, to your first switch (ahead of your WiFi).
3) Next test your machine next to a WiFi hub.
4) Next test your machine next to a WiFi repeater.
This type of testing is dirt simple, just takes time.
What you're doing is... connecting to one piece of gear at a time to determine the exact place in your network where speed drop occurs.
Once you know the weak point, you can determine how to fix the weak point.
ASKER
David, it is a small branch, only have 3 pcs, network switch and fortigate 30E model, it is a simple network, I have tested using only once PC and got the same result
ASKER
david johnson, I have been with a policy without any service enabled on the fortigate
ASKER
Kimputer, the network switch was 10/100 and speed was reaching 100 and I know it is a switch limitation, suddenly the speed dropped to 20, I changed the switch to 10/100/1000 and speed become better but it varies between 30 to 70, forigate was working fine before this issue
ASKER
Qlemo, I will check with fortigate but not sure if its a fortigate issue or not because it was working fine
Since the engineer proved 1000/1000 was possible, then I only have to offer this: However weird it seems (because upload speeds reach 1000Mbps), you might still have to set the ports speed on the Fortigate from autosense to 1000Mbps.
You probably need to check if the fortigate has some kind of ratelimiting activated. ( aka Bandwidth management )
if you formerly had a 500/70 that would have made a lot of sense becaue of buffer bloat ina lot of network equipment esp causing a problem on asymmetric lines.
The interface speed neet to be 1Gbps to allow for 500Mbps .
if you formerly had a 500/70 that would have made a lot of sense becaue of buffer bloat ina lot of network equipment esp causing a problem on asymmetric lines.
The interface speed neet to be 1Gbps to allow for 500Mbps .
my guess would be you enabled antivirus or some other kind of filtering policy on the fortinet that only filters downloads. there is no way even a really old fortinet could not handle such speeds, but filtering is quite expensive, tests are performed on large files, and the fortinet probably has a very hard tile dealing with that when av is enabled.
alternatively, it is possible your network uses the remaining download bandwidth and your tests with the fortinet are biased by whatever the network consumes as soon as the fortinet is plugged in.
alternatively, it is possible your network uses the remaining download bandwidth and your tests with the fortinet are biased by whatever the network consumes as soon as the fortinet is plugged in.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Some info about adjusting and troubleshooting can be found e.g. at https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Issue-with-outbound-upload-traffic-speed/ta-p/192116 .