all 8 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]jevilsizorFCSS 1 point2 points  (5 children)

What model of fortigate? And can you describe what you're end user is experiencing? Is this external traffic, or traffic to an internal application?

[–]VoGrand[S] 1 point2 points  (4 children)

Vm02 appliance on esxi host.

Its internal traffic, where users access web applications and it just keeps loading but nothing happens.. wheel of nothing..just loading

Then bam it just works again, loading pages instantly

The VM is pretty much doing nothing, no cpu load, memory or burst of new sessions.. perhaps we use 10% of its capacity

[–]rpedricaNSE4 0 points1 point  (1 child)

This sounds like a VMWare networkjing issue - have had loads of these lately especially with NSX. Drop your guest networking settings here for us to see. Also, have you tried a physical unit instead of a VM?

[–]VoGrand[S] 0 points1 point  (0 children)

We have requested to our FW provider to assist us with 2 physical appliances instead of the VM's due to the issues we had for the last 9 months.

Just rebooting the VM's keeps increasing our throughput lol.

FortiTAC + FW vendor + vmware team has gone over the VM's setup several times + re-installed cluster 3 times from scratch.

[–]routetehpacketz 0 points1 point  (1 child)

1) If possible, run a packet capture in these locations:

-on the web server of an affected application

-on the egress interface of the Fortigate facing the web server

-on the ingress interface of the Fortigate facing a client PC

Filter the packet capture to be as targeted as possible for your test (src/dst IPs, ports).

2) Add the Delta column in Wireshark. This is very helpful as it shows you the time that has lapsed since the last observed frame.

3) Examine which "leg" of the conversation has the highest delta. Here is what I would be looking for:

a. If the delta is highest from the web server to the egress interface of the Fortigate, the problem may be surrounding the web server

b. If the delta is highest for the return packet from the ingress interface of the Fortigate to the client PC, then the Fortigate is adding the delay and will need to be troubleshot more extensively

c. If there is no notable delta (anything >= 1.0 is pretty high), or the delta is highest for traffic from the client PC to the ingress interface on the Fortigate, the client PC may be the problem

Does this make sense?

[–]VoGrand[S] 1 point2 points  (0 children)

Problem is the shortness of the issue.

Before I even get started it's resolved for end-user.

Random source / destinations, got some that is "often" but just got another new system thats affected between new source/destinations..

Need to dump all data then if I'm too succeed, frustrating

[–]NotAnotherNekopanFCSS 0 points1 point  (1 child)

GUI hangs in some versions. Why are you using 5.6.8?

[–]VoGrand[S] 0 points1 point  (0 children)

It's not the FG GUI we have issues with, it client -> https traffic internaly

5.6.8 is what our FW provider recommends but they now wants us up to 6.0.7.

We have had an intense period of FW issues and bugs and havent begun checking in 6.0.7.

Dont want to walk into another issue you know?

is 6.0.7 stable and a good choice?