UncategorizedFeaturedFirewallFortinetNews

Fortigate configuration for TCP for high WAN throughput while preserving low latency

Fortigate Optimizing TCP (Transmission Control Protocol) for high Wide Area Network (WAN) throughput while maintaining low latency is a complex task that involves a combination of various techniques and considerations. Here are some strategies you can employ to achieve this balance:

  1. TCP Window Size Optimization: The TCP window size determines the amount of data that can be sent before waiting for an acknowledgment. Increasing the window size can help utilize the available bandwidth more efficiently, thereby enhancing throughput. However, a larger window size can also lead to increased latency due to delayed acknowledgments. It’s important to find a balance that suits your network conditions.

  2. TCP Congestion Control Algorithms: Choose a congestion control algorithm that is optimized for high throughput and low latency in WAN environments. Algorithms like BBR (Bottleneck Bandwidth and Round-Trip Time) aim to achieve maximum bandwidth utilization while minimizing latency. Experiment with different algorithms to find the one that performs best for your specific network setup.

  3. Quality of Service (QoS) Configuration: Implement QoS mechanisms to prioritize time-sensitive traffic like VoIP or video conferencing over bulk data transfers. This helps ensure that latency-sensitive applications receive the necessary bandwidth while still allowing other traffic to utilize the network effectively.

  4. Selective Acknowledgments (SACK): Enable SACK to allow the receiver to inform the sender about missing packets, reducing the need for retransmissions and improving throughput.

  5. TCP Offload Engines (TOE): Utilize network interface cards with TCP Offload Engines to offload some of the TCP processing from the host’s CPU, which can lead to lower latency and improved throughput.

  6. Packet Loss Mitigation: Implement Forward Error Correction (FEC) or error correction mechanisms to recover lost packets without waiting for retransmissions. This can help maintain throughput even in the presence of occasional packet loss.

  7. Packet Coalescing: Group multiple smaller packets into larger ones before transmission to reduce overhead and improve efficiency, which can positively impact throughput.

  8. Optimize Buffer Sizes: Carefully adjust buffer sizes on both ends of the connection. Small buffers can lead to frequent acknowledgments and reduced throughput, while excessively large buffers can increase latency due to delayed feedback.

  9. Bandwidth Delay Product (BDP) Consideration: The BDP represents the maximum amount of data that can be in transit in the network. Configure your TCP settings to ensure that the BDP is utilized effectively without causing unnecessary delays.

  10. Tuning Maximum Segment Size (MSS): Adjust the MSS to ensure that TCP segments fit within the Maximum Transmission Unit (MTU) of the network, reducing the likelihood of fragmentation and potential delays.

  11. Network Optimization Tools: Utilize tools like WAN optimizers or TCP optimization appliances to automatically apply various techniques like compression, protocol optimization, and traffic shaping to improve both throughput and latency.

  12. Regular Monitoring and Tuning: Continuously monitor network performance and adjust settings as needed. Network conditions can change, so regular tuning is essential to maintain optimal performance.

Remember that achieving the right balance between high throughput and low latency requires a thorough understanding of your network’s characteristics and the specific applications running on it. Experimentation and testing are crucial to identifying the most effective optimizations for your environment.

 

Configuring a FortiGate firewall for optimizing TCP for high WAN throughput while preserving low latency involves several steps. Keep in mind that the exact steps might vary based on the FortiGate firmware version you’re using. Here’s a general guideline:

  1. Access the FortiGate Web Interface: Log in to the FortiGate firewall’s web interface using a web browser by entering the firewall’s IP address.

  2. Quality of Service (QoS) Configuration:

    • Navigate to the “Policy & Objects” section.
    • Create a new policy or edit an existing one to configure QoS.
    • Assign a higher priority or bandwidth allocation to latency-sensitive traffic (e.g., VoIP) compared to bulk data transfers.
    • Apply QoS profiles to the appropriate policy.
  3. TCP Window Size Optimization:

    • Navigate to the “Network” section and select “TCP Optimization.”
    • Adjust the TCP window size based on your network’s BDP and characteristics. Experiment with different values to find the optimal setting.
  4. TCP Congestion Control Algorithm:

    • Depending on your FortiGate version, you might have BBR or other congestion control options.
    • Navigate to the “System” section and select “Settings.”
    • Look for options related to congestion control algorithms and select the appropriate one.
  5. Packet Coalescing:

    • Check if your FortiGate version supports packet coalescing settings.
    • Navigate to the relevant network or interface settings and enable packet coalescing if available.
  6. Optimize Buffer Sizes:

    • Navigate to the “System” section and select “Settings.”
    • Adjust the buffer sizes for various interfaces based on network conditions and performance requirements.
  7. Bandwidth Delay Product (BDP) Consideration:

    • Calculate the BDP for your network.
    • Adjust TCP settings to make sure the BDP is being utilized efficiently.
  8. Tuning Maximum Segment Size (MSS):

    • Navigate to the relevant interface settings.
    • Adjust the Maximum Segment Size (MSS) to match your network’s MTU and avoid fragmentation.
  9. Regular Monitoring and Tuning:

    • Utilize the monitoring tools in the FortiGate interface to observe network performance.
    • Continuously adjust settings based on real-time and historical performance data.
  10. Consult FortiGate Documentation:

    • Refer to the official FortiGate documentation or user guides for your specific firmware version.
    • The documentation will provide detailed instructions and options for optimizing TCP performance.
  11. Backup Configuration:

    • Before making significant changes, ensure you have a backup of your FortiGate configuration. This will allow you to revert changes if necessary.

Remember that network optimization can be complex and requires careful testing. It’s recommended to work with experienced network administrators or FortiGate support if you’re not familiar with all the settings and their potential impacts.

Having Troubleshooting issues contact us

What's your reaction?

Related Posts