Ralph1973
Contributor

poor vpn performance

Hello, I have been struggling for some time now to fix an issue with a customer who has 3 FGT 90D's on 3 different sites, with full mesh vpn between the sites. Also there is an ipsec tunnel to Azure configured on each Fortigate.

Problem is that traffic over vpn tunnels goes very slow. What I have checked until now:

- ipsec traffic cannot be offloaded to a dedicated asic (90D only has a SOC processor)

- UTM filtering is only configured for outbound traffic, not for incoming tunnel traffic (to prevent packets from being inspected twice)

- cpu and memory load is normal

- mtu of wan interface is 1492 (so not default 1500) and mtu of ipsec tunnels is 1422 bytes

- monitoring wan interface on dashboard doesn't show a wan interface that is fully consumed.

- AES encryption is used on tunnels (less resource intensive than 3DES)

 

Does anyone have any suggestions?

Thank you and regards,

Ralph Willemsen

Arnhem, Netherlands

Paul_S
Contributor

Did you ever get a solution?

FG200D 5.6.5 (HA) - primary | FWF50B's 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x | FAZ-VM 5.6.5 | Fortimail 5.3.11 | Network+, Security+ [Did my post help you? Please rate my post.]

Smartypants
New Contributor

I have what I believe to be the same problem.

An HA pair of 900D's connecting to a Fortigate VM firewall at a remote data center using a tested 500MBPS circuit and only getting 30-50 MBPS. We tried different phase1 and phase2 settings; nothing helps.

 
