AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Forti vpn only9/5/2023 Proxyid=VPN_XXX proto=0 sa=1 ref=137 serial=1 Natt: mode=none draft=0 interval=0 remote_port=0 Proxyid_num=1 child_num=0 refcnt=158 ilast=3 olast=3 auto-discovery=0 Name=VPNXXX ver=1 serial=2 :0->:0īound_if=5 lgwy=static/1 tun=intf/0 mode=auto/1 encap=none/8 options=npu I’ve set tcp-mss on both wan intefaces (100E and 61E) to 1400, but I still see mtu = 1438 on my diag vpn tunnel list: Furthermore, almost all IPsec proposals ran at a speed of 86 MBit/s, which is only 9 % of the IPsec throughput listed in the data sheet. This was the first time at which I was really shocked about the bad performance of only 180 Mbit/s routing speed. While the first two are without routing (simply plugged in both clients into the same software switch on the FortiGate), tests 3 & 4 are routed through the FortiGates. But this made no differences, too, since Knoppix Linux seems to auto set the window size pretty optimal. Furthermore, I tested the differences between a normal TCP test and the manual set of the TCP window size and buffer length with “-w 512k -l 512k”, such as shown here or here.
0 Comments
Read More
Leave a Reply. |