Site to Site IPSec VPN slow file transfer speeds.
Site to Site IPSec VPN Gateway using two Fortigates. Branch has an 80E Firmware v6.0.2, Headquarters has a 300D Firmware v5.6.6.
Problem: End users reporting very slow file access from the fileservers located at headquarters.
File transfer speeds between the two sites average 425 Kbps for Data only.
Should I expect better file transfer speeds between the two sites?
Note: VoIP works great. Speeds out to the Internet are great.
VoIP and Data are configured to use the same port on the Fortigate 80E.
I'm using Windows Explorer and copying a file from the (Windows 2016 Server) fileserver to the desktop (combo of Win7 and Win10 pro) to test the file transfer speeds.
Ran iperf between the two sites using the default settings for TCP. I didn't change the Window size. Average speed was between 2 to 3 Mbps.
FTP'ed between the two sites; average speed was 1.5 to 2.0Mbps.
Distance between Branch and HQ 34 miles.
Branch has 30 PCs and 30 VoIP phones. 30 employees; rarely more than 10 employees at a time are using their PCs.
80E Spec sheet notes Gateway to Gateway IPSec VPN Tunnels 200. I'm guessing they mean 200Mbps.
IPSec VPN Performance test used AES256 and SHA256. We're using 3DES SHA1.
I'm using the document at this link as a guide for troubleshooting. https://forum.fortinet.com/tm.aspx?m=151195
Thanks to Toshi Esumi
Branch ISP Router settings 400Mbps Download, 20Mbps upload. Headquarters 250Mbps Upload and Download. Duplex is Full.
Internet Speedtest done using www.speedtest.net
- This site has two options Multi and Single.
Branch - Multi - 420Mbps Download 22Mbps Upload - Single 255Mbps Download 14Mbps upload.
Headquarters - Multi - 102Mbps Download 160Mbps Upload - Single 81Mbps Upload - 169Mbps Download.
Fortigates Speed and Duplex set to Auto Auto 1GB Full Duplex. Cisco Switches are also set to Auto Auto 1GB Full Duplex
Checked Speed and Duplex for mismatches between the Fortigates, and the switch. There are none.
ISP reps state there are no errors on router interfaces.
Checked Fortigate Interfaces for errors, there are none. Checked desktops and fileserver interfaces for errors there are none.
I've thought about hard coding the speed and duplex on the interfaces, but we have no crc, tx, rx errors.
Ran continuous ping checks between the public and private interfaces, looking for dropped packets; there were none.
Ran Tracert from both ends, no drops.
Set up folders and shared them on two laptops. Put a laptop at each end of the campus. Copied files between them, speeds are great. 20mb file copies between the two laptops in 5 to 7 seconds.
In FortiAnalyzer I see some ip-conn, client-rst and server-rst records in the logs for traffic between the desktops and the fileserver.
Surf the Internet for Fortinet and slow SMB IPSec file transfer speeds and you come up with a lot of hits.
Here are a few other links that mention slow ipsec vpn speeds. One claims that a bug is the problem.
https://forum.fortinet.com/tm.aspx?m=154946
https://forum.fortinet.com/tm.aspx?m=172121
https://forum.fortinet.com/tm.aspx?m=166340
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_80E_Series.pdf
What other steps can/should I take to troubleshoot the problem?
If you need additional information please let me know.
Thanks for your time.