7.2.7 ssl-vpn slowness

Sorry, I’m not a huge Fortinet guru like others on this forum.

I’ve noticed that my users are experiencing slowness accessing resources inside the network after we updated to 7.2.7.

It did not exist in the previous version, I believe we were on 7.2.5.

Is this a known issue and what’s a good way to test network speed over the vpn?

If it is a known issue, are they going to fix it?

Thanks…

Any chance it’s a 200F with 1+10G ports being used?

Have a look at the Known issues of 7.2.7. Maybe this bug is affecting your Gates:

852051 IPsec is not fully offloaded, and IPsec VPN throughput is poor.

Can confirm I have seen RDP lag via the Web portal on 7.2.7. Workaround was getting clients to RDP via tunnel mode using FortiClient.

For testing speeds over VPNs in the past I’ve just set up a LibreSpeedTest server on the same network as the FortiGate (or openspeedtest). There’s a webUI for users to test with and a python CLI that makes testing headlessly easy.

In the past I’ve used the CLI to do hourly speedtests, and then thrown the output CSV stats into influxdb for pretty grafana graphing… that sporadic s2s bug only took Forti-TAC 6 months to track down o.0

You can use this Technical Tip: Using DTLS to improve SSL VPN perfo... - Fortinet Community

There was a checkbox on the client that helped us with it. It was in the client settings, not connection settings
Something like “prefer dpl” connection.

It makes the VPN use UDP instead of TCP

Hi /JH6JH6

While waiting for an update from Fortigate, you can temporarily fix that by changing the interfaces. You can change from 10G to 1G aggregation in the LAN site.

Regards

Bill

£100 (or $100) says it is this. Fortinet broke performance from traffic going from 10 gig to 1 gig interfaces in 7.2.6. It maxes out at 30 Mbps. Reverting to 7.2.5 is your only workaround - or make all of the interfaces ten gig (or 1 gig). It’s the 10 gig to 1 gig that dies.

Fixed in 7.2.8 apparently.

Edit: Don’t go to 7.2.5 if you are running SSL VPN under any circumstances.

But who knows what else will be broken in 7.2.8 when it is available.... Maybe we should open a poll - "What is going to be broken in 7.2.8. And how serious?"

OP indicated it is SSL VPN that is slow, and the known issues only seem to indicate issues with IPsec

Thank you, I did this before it broke my Mac clients. We have Windows and Mac.

There’s an issue specifically with 200/201F running 7.0.13, 7.0.14, 7.2.6, 7.2.7, with crap performance when traffic is passing between 1G and 10G ports. Supposedly will be fixed in next release, since 7.0.14 and 7.2.7 were really just released for the SSL VPN bug. Unfortunately if you need SSL VPN you can’t really roll back to a version without the performance bug.

I worked around it by moving my 1G WAN interface to a 10G port as my edge switch had SFP+ ports open, went from 30Mbps upload to 800Mbps. I know other users had to go the other way if they couldn’t move the 1 to 10G, downgrading the 10G port to 1G still dramatically improves performance.

Mm, it’s strange, we are using it. All Windows clients. W10 / W11

Yes, Windows clients are fine with it, but Mac clients are very slow.

We haven’t had any issues with Mac slowness since moving to FortiClient 7.2.x