Fortigate 600D & 23 Managed FortiSwitches Network File Copy/Wireshark issues
Having a new Fortinet network, we are seeing some very strange issues on the network. It is very sporadic, which is hard to pinpoint the issue, as network performance works great and the next minute it fluctuates.
First we started seeing that a file copy to our file server (1 GB connection) was occasionally fluctuating fast and slow. When copying files it would burst up to 108 MB/s, then drop down to 10 MB/s or below (sometimes pause for a couple seconds), then increase up to 50 - 80 MB/s, and would form this wave.
The second file copy we tried, it would copy around 100 MB/s all the way across (2 GB file copy). So then we try it again a minute later, and the performance is horrible.
I noticed a couple things when I started a wireshark capture:
Occasionally I will see TCP Spurious Retransmission, TCP ACKed unseen segment, TCP Out-Of-Order, TCP Dup ACK (even when I'm not really actively doing anything on the network).
Now here is the strange thing, if I start a wireshark capture and have someone on the same VLAN as me start a file copy to the file server (different VLAN), my Wireshark picks up hundreds of packets all TCP Dup ACK, TCP Retransmission, TCP Spurious Retransmission between the other computer and the file server. I should not be seeing these packets. It's as if the FortiSwitch is acting as a HUB rather than a switch.
Whatever is happening is completely deteriorating our network performance. And because it's so sporadic, we'll think we have it solved, and then it starts doing the same again.