How to pinpoint bandwidth consumers on the Fortigate

Tags: fortinet, troubleshooting

For a long time now we've been having huge connection problems at work.
The Internet connection is bad, for sure, but I don't think they are the main problem: they don't see any packet loss on their end, and it's clearly happening every morning between 8 and 10, give or take half an hour.

We have three Netgear GS724T switches plugged into a Fortinet with two WAN ports. It looks like changing the WAN used doesn't change much, but the second connection, usually only used for VoIP, is so weak that it's hard to tell if it's the same problem or just if the connection is too slow for our needs.

I just ran get system performance status on the Fortinet and I get the following:

CPU states: 0% user 6% system 0% nice 92% idle
Memory states: 56% used
Average network usage: 7137 kbps in 1 minute, 5229 kbps in 10 minutes, 4067 kbps in 30 minutes
Average sessions: 2471 sessions in 1 minute, 2542 sessions in 10 minutes, 2279 sessions in 30 minutes
Virus caught: 0 total in 1 minute
IPS attacks blocked: 0 total in 1 minute
Uptime: 238 days,  19 hours,  24 minutes

Those stats seem a little high; I don't understand what is eating so much bandwidth. Is there any way to know which IP is downloading?

The Fortinet is quite outdated, I believe, running Fortigate-60 3.00,build0753,100217

Best Answer

This sounds like a case study for sFlow. The best way for you to figure out what's going wrong is to figure out who's talking to who - and how much. Just spin up your favorite sFlow analyzer and start tracking the bandwidth consumption of individual users.

Here's an example sFlow configuration pulled from sflow.com that you'd put on your WAN interface:

config system sflow
   set collector-ip 10.X.X.X
   set collector-port 6343
end

config sys interface
    edit
       set sflow-sampler enable
       set sample-rate 64
       set sample-direction both
       set polling-interval 30
    next
end

Configuration snippet pulled from sflow.com, Configuring FortiGate appliances.
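What an sFlow analyzer does with the samples this configuration exports, as an added example that is not part of the original answer or of sflow.com: it decodes each sFlow v5 datagram and scales every sampled frame by the sampling rate (64 above) to estimate bytes per source IP. The helper names, the addresses and the datagram are constructed for illustration; only standard flow samples with untagged Ethernet/IPv4 headers are decoded.

```python
import struct
from collections import Counter

def top_talkers(datagram: bytes) -> Counter:
    """Estimate bytes sent per source IPv4 address from one sFlow v5 datagram."""
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError("not an sFlow v5 datagram")
    off = 8 + (4 if addr_type == 1 else 16) + 12  # agent address, sub-agent, seq, uptime
    (count,) = struct.unpack_from("!I", datagram, off)
    off += 4
    totals = Counter()
    for _ in range(count):
        tag, length = struct.unpack_from("!II", datagram, off)
        if tag == 1:  # enterprise 0, format 1: flow sample (other sample types are skipped)
            _flow_sample(datagram[off + 8:off + 8 + length], totals)
        off += 8 + length
    return totals

def _flow_sample(sample: bytes, totals: Counter) -> None:
    # layout: seq, source id, sampling rate, pool, drops, input if, output if, record count
    rate, records = struct.unpack_from("!8xI16xI", sample, 0)
    off = 32
    for _ in range(records):
        tag, length = struct.unpack_from("!II", sample, off)
        rec = sample[off + 8:off + 8 + length]
        off += 8 + length
        if tag != 1:  # only raw packet header records carry the sampled frame
            continue
        proto, frame_len, _stripped, hdr_len = struct.unpack_from("!4I", rec, 0)
        hdr = rec[16:16 + hdr_len]
        # untagged Ethernet II carrying IPv4: the source address is at bytes 26..29
        if proto == 1 and len(hdr) >= 30 and hdr[12:14] == b"\x08\x00":
            totals[".".join(map(str, hdr[26:30]))] += frame_len * rate

def make_sample(src_ip: str, frame_len: int, rate: int = 64) -> bytes:
    """Constructed test input: one flow sample holding one Ethernet/IPv4 header."""
    hdr = bytes(12) + b"\x08\x00" + b"\x45" + bytes(11) + bytes(map(int, src_ip.split("."))) + bytes(4)
    rec = struct.pack("!4I", 1, frame_len, 4, len(hdr)) + hdr + bytes(-len(hdr) % 4)
    body = struct.pack("!8I", 1, 3, rate, 0, 0, 3, 4, 1) + struct.pack("!II", 1, len(rec)) + rec
    return struct.pack("!II", 1, len(body)) + body

def make_datagram(samples: list) -> bytes:
    """Constructed datagram from a hypothetical agent at 10.0.0.1."""
    return struct.pack("!II4s4I", 5, 1, bytes([10, 0, 0, 1]), 0, 1, 0, len(samples)) + b"".join(samples)

if __name__ == "__main__":
    dgram = make_datagram([make_sample("192.168.1.23", 1500), make_sample("192.168.1.23", 1500),
                           make_sample("192.168.1.40", 100)])
    for ip, est in top_talkers(dgram).most_common():
        print(f"{ip:15} ~{est} bytes")
```

In live use the datagrams would be read from a UDP socket bound to the collector port (6343 in the configuration above) and the totals accumulated per time window.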