Skip to Content

How to conduct proper Bandwidth test with FortiSASE SIA VPN

By: Author Alex Lim

Posted on

Categories Troubleshooting

This article explains how to conduct a proper bandwidth test with FortiSASE SIA VPN.

Scope

FortiClient v7.0.11 and above

Solution

Before looking into testing bandwidth, understand below statements:

Impact of Configurations: Firewall Policy, Profile, and Deep Inspection configurations can affect session performance. The impact varies based on the license tier’s backend resource allocation; higher license tiers have more resources, thus better performance.

Performance Variation by Time of Day: ‘Before VPN’ performance fluctuates significantly depending on the time of day. Example: During office hours, it can be expected to see lower speed test results during office hour. This is because generally, there will be more users are connected to FortiSASE VPN.

Local Connection Types:

  • Wireless Connections: May experience interference yielding rapid deviation in latency/jitter/loss/throughput.
  • Wired Connections: This may yield more consistent latency/jitter/loss/throughput.

Data Path and Congestion: A significant number of hops in the data path introduce multiple potential congestion points, affected by the load throughout the day.

Latency, Jitter, Loss, and ISP Connectivity: These factors for the specific data path between a user and the SASE PoP significantly impact performance.

VPN Traffic Routing: When on VPN, all traffic follows a single data path, unlike multiple paths for different destinations within an ISP network off-VPN. This can lead to performance differences based on the oversubscription levels of the specific paths used.

Recommended Testing Tools: iperf3 should be used, along with https://speed.fortisase.com/

Performance Expectations: Under perfect ISP conditions and licensing, it is possible to achieve over 90% of off-VPN download performance.

Performance Fluctuations: Significant fluctuations in off-VPN performance are expected to be mirrored on-VPN.

To effectively test bandwidth, follow the below steps:

Example test case scenario: The user is located in Sydney, Australia, connecting to a Sydney FortiSASE POP.

Step 1: Go to the Budman website to download iperf3.

Step 2: Scroll down to download iperf3.17_64.zip.

Step 3: Unzip it in the Download folder.

Step 4: Go to https://speed.fortisase.com/

Step 5: In Server Location, select Sydney server (select the nearest server to the location).

Step 6: Select ‘Start Network Test’.

Step 7: Scroll down below, the command to run with iperf3 will be get:

iperf3 -c 96.45.44.87 -p 30032 -t 20 -R; iperf3 -c 96.45.44.87 -p 30195 -t 20

Scroll down below, the command to run with iperf3 will be get

Step 8: Open a Windows command prompt, navigate to the unzipped iperf3.17_64 directory, and input the command shown, eg:

iperf3 -c 96.45.44.87 -p 30032 -t 20 -R

This command tests the download speed:

This command tests the download speed.

iperf3 -c 96.45.44.87 -p 30195 -t 20

This command tests the upload speed:

This command tests the upload speed.

In this example, this machine has an average of 206mbps upload speed and 10mbps download speed.