Anyone has some experience in using Fortigate SSL VPN with RB750GR3 is getting the slow result? My broadband is 100MB & my firewall is FortiWifi 60E.
After I setup SSL VPN in 60E & make a test, the speed is too slow. Is there have any setting can tune in RB750GR3 or 60E for fix the issue?
Thanks.
Your hEX should be able to route at 100Mbps (it ma peak at around 300Mbps). But that’s true with optimal config. With non-optimal config, it’s routing capacity can drop to any number and it’s impossible to say why in your particular case it can’t reach 100Mbps.
There’s additional gotcha: the mentioned numbers are reachable with multiple concurrent connections going through router. Fortigate’s VPN will appear as single connection to router (even if tehre are multiple connection going through VPN tunnel) and only single CPU will handle all the traffic. So the VPN throughput may fall as low as to 75Mbps even if everything is set up correctly. So it may turn out that your hEX is simply not up to the task you’re throwing at it. You can verify to see if this plays a part if you run CPU prifiler while testing throughput through VPN tunnel. If you see single CPU core pegged at 100%, then this is it. Configuration optimization may aleviate the issue to certain extent, but HW limitation is a hard one.
And that’s assuming that hEX is only routing, not doing the encryption. ROS on hEX can do IPsec tunnels with encryption in hardware and according to test results it should be able to push more than 100Mbps through it. Yes, sounds unbelievable (that router can push more through encrypted tunnel than can push through plain interface), but it has to do with number of connections (and if router does IPsec, then it’ll actually see multiple connections so multiple CPU cores will be used).