Thru put of FG60D not high enough?

bvanhaastrecht · ‎07-11-2021

Hello,

We recently upgraded our internet connection bandwidth from 100 to 300mbps. We noticed only a small increase in bandwidth when downloading things. When using speed testers we cant get higher than 130mbps. When we connect a laptop directly to the ISP modem we can get 300mbps, so it's the FG whose to blame. I've eliminated networking problems by checking interface statistics ext. I've disabled UTM and logging on the policy, this got it from 120 to 130mbps. When we initiate traffic, we see the CPU going to 80-90%.

The device is out of support, so can't go that route.

When looking at the specs, I think it should perform much better. http://www.corex.at/Produktinfos/FortiGate-60D.pdf

Any help is welcome, kind regards.
Bastiaan

bvanhaastrecht · ‎08-12-2021

Hi Prab,

I've managed to solve it.

I was using a software switch because in early days I was bridging the SSID's to the LAN. Software switches do not use the Forti SOC. I've now replaced the software switch with a hardware switch and now I get full bandwidth!

Thanks for the help!

Regards,
Bastiaan

View solution in original post

Report Inappropriate Content · ‎07-12-2021

Hi Bastian,

The CPU usage seems high to me and is not normal. You might need to check which process/s is trying to eat so many CPU cycles using the "sys top" command Ref: https://kb.fortinet.com/kb/documentLink.do?externalID=FD46228.

Probably the FortiOS version you are running is a bit buggy, try a different fortiOS version if possible. I have even seen broken/old hardware providing degraded performance.
Make sure there is no traffic shaping profile being applied to the traffic and also check the max bandwidth settings of your wan interface.

Also, try to perform the speed test from the FortiGate itself and check if you ever achieve better speeds. Here is a KB for that: https://kb.fortinet.com/kb/documentLink.do?externalID=FD45599

Cheers,
Prab :)

bvanhaastrecht · ‎08-11-2021

Hi Prab,

Thanks for your reply, much appreciated.

This is the result of a sys top:
Run Time: 30 days, 23 hours and 32 minutes
0U, 0N, 66S, 34I; 1838T, 1434F
newcli 18246 R 17.8 1.1
newcli 18253 R 17.5 1.1
sslvpnd 79 R 16.5 1.5
fcnacd 100 S 4.3 0.9
forticron 74 S 1.8 1.1
initXXXXXXXXXXX 1 R 0.6 0.7
src-vis 92 S 0.1 1.0
merged_daemons 69 S 0.1 0.7
dnsproxy 103 S 0.0 2.6
httpsd 178 S 0.0 1.7
cmdbsvr 38 S 0.0 1.7
pyfcgid 18159 S 0.0 1.6
pyfcgid 18162 S 0.0 1.6
pyfcgid 18163 S 0.0 1.6
pyfcgid 18161 S 0.0 1.6
httpsd 126 S 0.0 1.6
miglogd 63 S 0.0 1.4
httpsd 65 S 0.0 1.4

Dont know what the newcli does, but the sys top does start to lag when I start a download test from a node within the lan network.

I'm running the latest support fortiOS of this device which is v6.0.12 build0419 (GA), I have tried older versions but did not make any difference.

I have no traffic shaping policies active.

A iperf test from the fortigate itself has worse results, only 30mbps

Do you have any ideas?

Kind regards,
Bastiaan

Report Inappropriate Content · ‎08-11-2021

Hi Bastian,

Did you use the CLI from the FGT's GUI? I would not suggest using it. Try using the putty software to connect to FGT via SSH to perform the iperf tests.
If you still do not find any improvements, I would suggest contacting FortiNet support. I suspect corrupt hardware.
Please perform the hardware test, maybe we would find out something: https://kb.fortinet.com/kb/documentLink.do?externalID=FD39581

Cheers & good luck,
Prab

bvanhaastrecht · ‎08-11-2021

Hi Prab,

Yes, I always use SSH to perform debugs.

Unfortunately the warranty of this fortigate has expired. It was given to my when I participated at the fortigate training.

All the hardware tests pass successfully.

I think I'm out of options...

Regards,
Bastiaan

bvanhaastrecht · ‎08-12-2021

Hi Prab,

I've managed to solve it.

I was using a software switch because in early days I was bridging the SSID's to the LAN. Software switches do not use the Forti SOC. I've now replaced the software switch with a hardware switch and now I get full bandwidth!

Thanks for the help!

Regards,
Bastiaan