FortiGate firewalls have a little-known feature for checking bandwidth performance between local interfaces. They can also check internet bandwidth by using public iperf servers.
To measure bandwidth, the firewall uses a built-in iperf client and an embedded iperf server.
Note: The iperf server on the FortiGate cannot be used as a full-featured iperf server. It can be used only for the bandwidth test between the FortiGate’s ports.
To perform the bandwidth tests, the command traffictest is used.
To test bandwidth from port1 to port2 on the FortiGate, follow these steps:
#diag traffictest server-intf port2 <—–Define server interface
#diag traffictest client-intf port1 <—–Define client interface
#diag traffictest run <—–Run iperf
Below is what the output should look like:
Fortigate # diag traffictest run
Connecting to host 216.191.95.14, port 162
[ 8] local 192.168.0.1 port 20692 connected to 216.191.95.14 port 162
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 8] 0.00-1.00 sec 347 MBytes 2.90 Gbits/sec 0 352 KBytes
[ 8] 1.00-2.00 sec 356 MBytes 2.99 Gbits/sec 0 352 KBytes
[ 8] 2.00-3.00 sec 360 MBytes 3.01 Gbits/sec 0 352 KBytes
[ 8] 3.00-4.00 sec 358 MBytes 3.00 Gbits/sec 0 368 KBytes
[ 8] 4.00-5.00 sec 359 MBytes 3.01 Gbits/sec 0 368 KBytes
[ 8] 5.00-6.00 sec 361 MBytes 3.02 Gbits/sec 0 368 KBytes
[ 8] 6.00-7.00 sec 354 MBytes 2.98 Gbits/sec 0 368 KBytes
[ 8] 7.00-8.00 sec 353 MBytes 2.96 Gbits/sec 0 432 KBytes
[ 8] 8.00-9.00 sec 357 MBytes 2.99 Gbits/sec 0 448 KBytes
[ 8] 9.00-10.00 sec 356 MBytes 2.99 Gbits/sec 0 448 KBytes
– – – – – – – – – – – – – – – – – – – – – – – – –
[ ID] Interval Transfer Bandwidth Retr
[ 8] 0.00-10.00 sec 3.48 GBytes 2.99 Gbits/sec 0 sender
[ 8] 0.00-10.00 sec 3.48 GBytes 2.99 Gbits/sec receiver
iperf Done.
iperf3: interrupt – the server has terminated
To test bandwidth from the FortiGate to a public iperf server, you will need the IP address and port used by the iperf server.
Below is a URL to a list of publicly available iperf servers.
https://iperf.fr/iperf-servers.php
There are some options for the iperf test on the FortiGate, which can be seen by using the command below.
#diag traffictest run -h
One very useful option is -R, which runs the test in reverse mode (server sends, client receives). By default, the FortiGate sends to the remote server.
Below are the commands to run against a public iperf server.
#diag traffictest client-intf wan1 <—–Define client interface
#diag traffictest port 5201 <—–Define iperf port running on the iperf server
#diag traffictest run -c 216.218.207.42 <—–Run iperf against 216.218.207.42 iperf server (iperf.he.net)
To run in reverse mode, use the following command.
#diag traffictest run -c 216.218.207.42 -R
Output from the default mode will look like the example below (FortiGate sends, server receives).
Bialik-Viewmount # diag traffictest run -c 216.218.207.42
Connecting to host 216.218.207.42, port 5201
[ 8] local 216.191.95.14 port 5744 connected to 216.218.207.42 port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 8] 0.00-1.01 sec 820 KBytes 6.65 Mbits/sec 0 141 KBytes
[ 8] 1.01-2.00 sec 3.08 MBytes 26.1 Mbits/sec 0 389 KBytes
[ 8] 2.00-3.00 sec 6.21 MBytes 52.1 Mbits/sec 0 628 KBytes
[ 8] 3.00-4.00 sec 8.79 MBytes 73.7 Mbits/sec 0 885 KBytes
[ 8] 4.00-5.00 sec 12.3 MBytes 104 Mbits/sec 0 1.17 MBytes
[ 8] 5.00-6.00 sec 13.7 MBytes 115 Mbits/sec 0 1.33 MBytes
[ 8] 6.00-7.00 sec 15.0 MBytes 126 Mbits/sec 0 1.33 MBytes
[ 8] 7.00-8.00 sec 15.0 MBytes 126 Mbits/sec 0 1.33 MBytes
[ 8] 8.00-9.00 sec 15.0 MBytes 126 Mbits/sec 0 1.33 MBytes
[ 8] 9.00-10.00 sec 15.0 MBytes 126 Mbits/sec 0 1.33 MBytes
– – – – – – – – – – – – – – – – – – – – – – – – –
[ ID] Interval Transfer Bandwidth Retr
[ 8] 0.00-10.00 sec 105 MBytes 88.0 Mbits/sec 0 sender
[ 8] 0.00-10.00 sec 105 MBytes 88.0 Mbits/sec receiver
Output from the reverse mode will look like the example below (server sends, FortiGate receives).
Bialik-Viewmount # diag traffictest run -c 216.218.207.42 -R
Connecting to host 216.218.207.42, port 5201
Reverse mode, remote host 216.218.207.42 is sending
[ 8] local 216.191.95.14 port 1787 connected to 216.218.207.42 port 5201
[ ID] Interval Transfer Bandwidth
[ 8] 0.00-1.00 sec 6.98 MBytes 58.5 Mbits/sec
[ 8] 1.00-2.00 sec 45.7 MBytes 383 Mbits/sec
[ 8] 2.00-3.00 sec 47.8 MBytes 402 Mbits/sec
[ 8] 3.00-4.00 sec 48.2 MBytes 405 Mbits/sec
[ 8] 4.00-5.00 sec 48.4 MBytes 406 Mbits/sec
[ 8] 5.00-6.00 sec 48.2 MBytes 405 Mbits/sec
[ 8] 6.00-7.00 sec 48.1 MBytes 404 Mbits/sec
[ 8] 7.00-8.00 sec 48.4 MBytes 406 Mbits/sec
[ 8] 8.00-9.00 sec 48.3 MBytes 405 Mbits/sec
[ 8] 9.00-10.00 sec 48.4 MBytes 406 Mbits/sec
– – – – – – – – – – – – – – – – – – – – – – – – –
[ ID] Interval Transfer Bandwidth Retr
[ 8] 0.00-10.00 sec 451 MBytes 379 Mbits/sec 0 sender
[ 8] 0.00-10.00 sec 443 MBytes 371 Mbits/sec receiver
iperf Done.
iperf3: interrupt – the server has terminated
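The following is an added example, not part of the original post: a small parser for the traffictest/iperf3 output format shown above. It normalizes every rate to Mbit/s and flags runs where the 10-second summary understates the steady-state rate because of TCP ramp-up, as in the forward-mode test (88.0 Mbits/sec summary against 126 Mbits/sec once the window has opened). The function names and the 0.9 tolerance are assumptions chosen for illustration.

```python
import re
from statistics import median

# Constructed input: the forward-mode (FortiGate sends) output from this page.
SAMPLE = """\
Connecting to host 216.218.207.42, port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 8] 0.00-1.01 sec 820 KBytes 6.65 Mbits/sec 0 141 KBytes
[ 8] 1.01-2.00 sec 3.08 MBytes 26.1 Mbits/sec 0 389 KBytes
[ 8] 2.00-3.00 sec 6.21 MBytes 52.1 Mbits/sec 0 628 KBytes
[ 8] 3.00-4.00 sec 8.79 MBytes 73.7 Mbits/sec 0 885 KBytes
[ 8] 4.00-5.00 sec 12.3 MBytes 104 Mbits/sec 0 1.17 MBytes
[ 8] 5.00-6.00 sec 13.7 MBytes 115 Mbits/sec 0 1.33 MBytes
[ 8] 6.00-7.00 sec 15.0 MBytes 126 Mbits/sec 0 1.33 MBytes
[ 8] 7.00-8.00 sec 15.0 MBytes 126 Mbits/sec 0 1.33 MBytes
[ 8] 8.00-9.00 sec 15.0 MBytes 126 Mbits/sec 0 1.33 MBytes
[ 8] 9.00-10.00 sec 15.0 MBytes 126 Mbits/sec 0 1.33 MBytes
[ 8] 0.00-10.00 sec 105 MBytes 88.0 Mbits/sec 0 sender
[ 8] 0.00-10.00 sec 105 MBytes 88.0 Mbits/sec receiver
"""

ROW = re.compile(r"\]\s+[\d.]+-[\d.]+\s+sec\s+[\d.]+\s+[KMG]?Bytes\s+"
                 r"([\d.]+)\s+([KMG]?)bits/sec\s*(.*)$")
TO_MBIT = {"": 1e-6, "K": 1e-3, "M": 1.0, "G": 1e3}

def parse(text):
    """Return (per-interval Mbit/s list, {'sender': x, 'receiver': y})."""
    intervals, summary = [], {}
    for line in text.splitlines():
        m = ROW.search(line)
        if not m:
            continue  # banner, column header and separator lines
        rate = float(m.group(1)) * TO_MBIT[m.group(2)]
        tail = m.group(3).split()
        role = tail[-1] if tail else ""  # empty in reverse-mode interval rows
        if role in ("sender", "receiver"):
            summary[role] = rate
        else:
            intervals.append(rate)
    return intervals, summary

def steady_state(intervals):
    """Median of the second half of the run, after TCP ramp-up."""
    return median(intervals[len(intervals) // 2:])

def ramp_skewed(text, tolerance=0.9):
    """True when the summary average is well below the steady-state rate."""
    intervals, summary = parse(text)
    return summary["receiver"] < tolerance * steady_state(intervals)
```

The same parser handles the reverse-mode rows, which have no Retr or Cwnd columns, and the Gbits/sec rows from the port-to-port test.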