FortiWAN Tunnel Routing – Benchmark


To guarantee aggregated performance when transferring TR packets, FortiWAN requires the WAN links employed in a tunnel group to be of equal quality. The Benchmark evaluates WAN link quality for every single tunnel. Tunnels are judged on round trip time, packet loss and bandwidth. Employing a WAN link that is worse than the others in a tunnel group is not recommended.
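One way to apply the equal-quality rule to a set of per-tunnel benchmark results, as an added example that is not FortiWAN code. The result field names, the sample values and the tolerances are assumptions, since the page does not show the report format or define how much worse a link may be.

```python
from statistics import median

# Constructed sample results for one tunnel group (documentation-range IPs).
# Field names are assumptions; FortiWAN's report format is not shown here.
SAMPLE_RESULTS = [
    {"tunnel": "192.0.2.1 - 198.51.100.1", "rtt_ms": 21.0, "loss_pct": 0.0, "mbps": 94.0},
    {"tunnel": "192.0.2.2 - 198.51.100.2", "rtt_ms": 23.5, "loss_pct": 0.1, "mbps": 91.0},
    {"tunnel": "198.51.100.3 - 203.0.113.3", "rtt_ms": 88.0, "loss_pct": 2.4, "mbps": 37.0},
    {"tunnel": "192.0.2.4 - 198.51.100.4", "rtt_ms": 20.2, "loss_pct": 0.0, "mbps": 96.0},
]

# Assumed tolerances relative to the group median (not FortiWAN values).
RTT_FACTOR = 1.5    # round trip time may be at most 1.5x the median
LOSS_MARGIN = 1.0   # packet loss may exceed the median by at most 1.0 point
BW_FACTOR = 0.7     # bandwidth must be at least 70% of the median


def flag_weak_tunnels(results):
    """Return {tunnel: [reasons]} for tunnels clearly worse than their group."""
    if len(results) < 2:
        return {}  # a single tunnel has nothing to be compared against
    med_rtt = median(r["rtt_ms"] for r in results)
    med_loss = median(r["loss_pct"] for r in results)
    med_bw = median(r["mbps"] for r in results)

    flagged = {}
    for r in results:
        reasons = []
        if r["rtt_ms"] > med_rtt * RTT_FACTOR:
            reasons.append(f"rtt {r['rtt_ms']} ms vs median {med_rtt} ms")
        if r["loss_pct"] > med_loss + LOSS_MARGIN:
            reasons.append(f"loss {r['loss_pct']}% vs median {med_loss}%")
        if r["mbps"] < med_bw * BW_FACTOR:
            reasons.append(f"bandwidth {r['mbps']} Mbps vs median {med_bw} Mbps")
        if reasons:
            flagged[r["tunnel"]] = reasons
    return flagged


if __name__ == "__main__":
    for tunnel, reasons in flag_weak_tunnels(SAMPLE_RESULTS).items():
        print(f"{tunnel}: " + "; ".join(reasons))
```

The median is used as the reference so that one poor link does not drag the baseline toward itself, which a mean would allow in a small group.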

Tunnel Routing’s Benchmark works in client/server mode. Test traffic is sent from the client site to the server site via every single configured tunnel, and the benchmark results are then reported at the client site. There are two steps to start Tunnel Routing’s Benchmark between two FortiWAN appliances (make sure the Tunnel Routing network is established between the two FortiWANs):

  1. Specify one of the FortiWANs to be the benchmark server.
  2. Start benchmark traffic from the benchmark client, the FortiWAN opposite to the benchmark server.

Start a benchmark server

On the Tunnel Routing page of the Web UI, all the configured tunnel groups are listed in the Benchmark panel. To start the benchmark server on a FortiWAN for a tunnel group, you need to:

  1. Specify the port number in the Test Port field for sending/receiving the testing traffic. Note that the port number on both benchmark sites (Client/Server) must be identical. The benchmark will fail to receive testing packets if the two sites use different port numbers.
  2. Click the Start Test Server button of the tunnel group that you want to test from the list (in the Test Client Status block). This button switches to Stop Test Server while the benchmark server is running; click it to stop the server.

While the benchmark server is running, the message "Test server is running. Please do not change to another page or close browser" is displayed and occupies the main page of the Web UI. For all administrator accounts, it becomes impossible to apply new configurations to Tunnel Routing (the Apply button on the Web UI becomes ineffective) while the benchmark server is running. The Web UI still allows you to apply configurations to other functions during this time, but we suggest not doing so, since changes to some functions such as Network Setting, Firewall or IPSec might interrupt the benchmark server. While the benchmark server is running, you can switch the Web UI main page to other functions, but the message "Test server is running. Please stop it first" is displayed when you turn the main page back to Tunnel Routing. This message reminds you that the benchmark server is still running, and the Apply button of Tunnel Routing remains ineffective until you stop the server. Note that the benchmark server can work for only one tunnel group at a time; stop the server on one tunnel group to start it for another.

Start testing traffic from the benchmark client

For the symmetric FortiWAN sites of a tunnel routing network, the benchmark client, which is the site opposite to the benchmark server, triggers the testing traffic. As on the server site, all the configured tunnel groups are listed in the Benchmark panel. To start benchmark traffic on the client site, you need to:

  1. Specify the port number in the Test Port field for sending/receiving the test traffic. Note that the port number on both benchmark sites (Client/Server) must be identical. The benchmark will fail to receive testing packets if the two sites use different port numbers.
  2. Click the Test button of the same tunnel group that the opposite benchmark server is working for. You will be directed to a management panel to start benchmark testing. For a disabled tunnel group, an error message This group is not enabled
  3. In the testing management panel, all the tunnels of the tunnel group are listed (with the IP addresses of the two endpoints of each tunnel), and two test cases are provided:
    1. Single tunnel test: Click the Test button of a tunnel. Testing traffic is generated and sent to the opposite (server) side of the tunnel. All the packets of the testing session are sent through the specified tunnel only. This produces a testing result for evaluating the performance of the specified tunnel.
    2. Tunnel group test: Click the Test button of the last item, All Tunnels in Group (at the bottom of the table). Testing traffic is generated and sent to the opposite (server) side of the tunnel group. All the packets of the testing session are distributed over the tunnels of the tunnel group according to the group's configured algorithm. This produces a testing result for evaluating the performance of the tunnel group.
  4. In the upper right corner of the table, the Test All button performs every Single Tunnel Test and the Tunnel Group Test one by one in top-down order.
  5. You can click Close to stop and leave the benchmark management panel.


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
