Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
train_wreck
New Contributor III

Expected IPsec throughput of S2S between two 30Es

We have a cert-based site-to-site set up between 2 directly-connected 30E devices using the IPsec wizard to create a "Site-to-site (Fortigate)" tunnel. IPerf3 between 2 Windows PCs on either side gives around ~130mbit:

 

PS C:\WINDOWS\system32> iperf3 -c 172.16.16.25 -t 10 -i 1
Connecting to host 172.16.16.25, port 5201
[ 4] local 192.168.30.2 port 5601 connected to 172.16.16.25 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 16.0 MBytes 134 Mbits/sec
[ 4] 1.00-2.00 sec 15.6 MBytes 131 Mbits/sec
[ 4] 2.00-3.00 sec 15.6 MBytes 131 Mbits/sec
[ 4] 3.00-4.00 sec 15.9 MBytes 133 Mbits/sec
[ 4] 4.00-5.00 sec 15.5 MBytes 130 Mbits/sec
[ 4] 5.00-6.00 sec 15.9 MBytes 134 Mbits/sec
[ 4] 6.00-7.00 sec 15.0 MBytes 126 Mbits/sec
[ 4] 7.00-8.00 sec 15.9 MBytes 133 Mbits/sec
[ 4] 8.00-9.00 sec 16.0 MBytes 134 Mbits/sec
[ 4] 9.00-10.00 sec 15.4 MBytes 129 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 157 MBytes 131 Mbits/sec sender
[ 4] 0.00-10.00 sec 157 MBytes 131 Mbits/sec receiver

iperf Done.

 

Is this expected? Anything I can do to get more bandwidth? (besides lowering crypto strength; the Phase 2 SA created is using AES256/SHA256, the minimum adequate today)...

0 REPLIES 0
Labels
Top Kudoed Authors