Users experiencing slow performance into WSS with IPSEC access method

book

Article ID: 196137

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

New IPSEC tunnel established into GGBLO (London) data center

IPSEC Firewall running on Fortigate 1500d router

Users reported that web pages were loading slowly, and downloads of large files were very slow to come down to browser

Simplified setup to add a workstation to same subnet as Fortigate router and saw same issue

Brought up seperate tunnel to Frankfurt data center and also saw slow performances

Cause

Disabled NPU flag to make sure that no ESP ingress or egress packets were offloaded to the NP processor.

For more details on Fortigate NP (Network Protection) processor settings, check out https://kb.fortinet.com/kb/documentLink.do?externalID=FD36203

Environment

IPSEC Firewall running on Fortigate 1500d router

Resolution

Set npu_flag=00 on Fortigate VPN Firewall