connection speed between VLANs in the same switch
Hi,
We have a Fortigate 30E and a Zyxel GS1900 Switch in our office.
We recently created a new VLAN3 (192.168.3.x) and put all our servers and NAS in this VLAN.
Our office PC remains in the original VLAN1 (192.168.0.x).
My colleagues report that after changing the NAS to the new VLAN3, the connection speed seems to be lower than before.
We made a speed test and here are the results.
- From PC in the same VLAN3 to the NAS: 950M
- From PC in the original VLAN1(wired) to the NAS: 550M
- From PC in the original VLAN1(WiFi) to the NAS: 350M
It is pretty clear that the connection speed is lower when connecting from different VLAN.
Is there a bandwidth limitation between VLANs inside Fortigate that causes it?
Can you advise us what could cause this low connection speed problem and how to solve it?
Thank you.
All Replies
-
Hi @YiHsien,
May I know what is your speed test tool for this test? Is Fortigate 30E the default gateway for VLAN 1 and VLAN 3?
Zyxel Melen0 -
Hi Melen,
I use iPerf3. I installed iPerf3 on our synology NAS and treat the NAS as the iPerf3 server and use three different PCs at different VLANs as the iPerf3 client to make this test.
Yes, Fortigate 30E is the default gateway for VLAN 1 and VLAN 3.
0 -
Hi @YiHsien,
Thanks for the detailed information. Based on your result, the transmit speed reduction is due to routing. So, the bottleneck is on the Fortigate 30E. You might need to contact Fortigate support to check if there are any security policies or security services that may reduce performance.
Zyxel Melen0 -
Hi Melen,
Thanks for the reply. Since our two VLANs use the same trunk port to Fortigate, could it be the bottleneck?
Can we use two trunk ports from GS1900 to Fortigate 30E(one port for VLAN1 and the other trunk port for VLAN3) ? And will it solve our bottleneck problem?
Thank you.
0 -
Hi @YiHsien,
I think it might not solve this bottleneck. I did a local test in which I used a layer three switch to replace Fortigate 30E, there was one link between the layer three switch and GS1900. The iperf test result is as good as your test result when tested in the same VLAN.
Additionally, you cannot set only VLAN to one of LAG ports since these ports are one port group, they will using the same settings. For more information, please reference the FAQ below.Zyxel Melen0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight