Site to Site VPN Performance issues
Question: Was asked this a while back and while surfing the net it jogged my memory. A user was experiencing pretty poor performance when using site to site VPN’s. This is going to show the age of the question as they were using FortiOS 5.0.5. Normally, this is because of a bug relating to NPU acceleration on the tunnel experiencing the degraded performance. You can disable NPU acceleration for said tunnel and you will usually resolve the issue. Use the commands below.
config vpn ipsec phase1-interface
edit <tunnel name>
set npu-offload disable
end
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos
Hi Mike, I’m a Southern Boy also. I am about to lose a client. My client has one main issue at their sites (4) I have been dealing with Fortinet Support for weeks now and they can’t fix my problem.
Basicly I have 4 sites with main Site1 has a FGT90D other 3 sites have FGT60D’s. There are 3 VPNs going to Site(1). All VPN setups had been working fin until client went and purchased IP Phones using a Hosted PBX system. The issue is that the phones keep either dropping calls or having to restart phones to re register them to Hosted PBX. We have set it up all kinds of ways but still issues exists. What would it cost me to have you take a look?
Do you have any videos on this type of setup VOIP/VPNs.
Lastly, i’m on ver 5.2.10 , Can I move up to ver. 5.4 for new interface with out any issues?
Thanks Noel
Noel,
You can move to 5.4 just fine. Just be sure to follow the approved upgrade path CLICK HERE FOR UPGRADE PATH
With regards to the VOIP issue, this is a hosted PBX that then registers out through a SIP Trunk? I assume it is traversing the firewall in some way? Give me a shout at mike@fortinetguru.com and we can discuss the issues you are experiencing! I don’t have any videos yet but as I am being asked more frequently about VOIP and FortiGates working harmoniously I guess I need to get cracking on them!
Hi Guru,
I have the same issue with running site to site VPN very slow, but before it was good speed not sure if the bug of version can be the issue ? my version is 6.4.3
Also is there any risk if we disable the npu-offload since we dont know what it was and use for ?
Regards,