cbenejean
Staff
Article Id 190045
Description
The FortiGate 200D hardware is designed so that the wan1 and wan2 ports benefit from direct NP4-Lite (SoC2) hardware acceleration and bypass an internal switch fabric. This allows for optimized, CPU-offloaded 1Gbit traffic between these two ports.

The drawback is that when those ports are set to 100Mbit and any egressing traffic bursts beyond 100Mbit, some packet loss might occur (packets are silently dropped, with no counter or log).

Solution
These ports are best utilized when set to 1Gbit, where this problem would not occur.

If setting them to 1Gbit is not possible, it is possible to use any other portX interface, which does not connect directly to the NP4 internally but to an internal switch fabric. This switch fabric offers a greater ability to buffer the egressing >100Mbit bursts, resulting in lower or no losses, depending on the burst size and duration. The trade-off is reduced hardware acceleration bandwidth between these portX interfaces.

Another solution is possible, but it requires adding a switch between the wan1/wan2 ports and the equipment set to 100Mbps. The switch is configured with 1Gbps on the port facing the FortiGate 200D wanX interface and 100Mbps on the port facing the 100Mbps equipment. This way the switch should handle the packet bursts better, because it usually has a bigger packet buffer.
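
Because the drops leave no counter or log, the condition is easier to catch in configuration than in telemetry. The following is an added example, not Fortinet code: it scans a FortiOS configuration backup for wan1/wan2 pinned to 100Mbit. The sample config is constructed, and treating a missing `set speed` line as `auto` is an assumption about how defaults are omitted from backups.

```python
import re

# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = '''\
config system interface
    edit "wan1"
        set vdom "root"
        set speed 100full
    next
    edit "wan2"
        set speed 1000full
    next
    edit "port1"
        set speed 100full
    next
    edit "port2"
        set vdom "root"
    next
end
'''

# Ports the article describes as attached directly to the NP4-Lite.
NP_DIRECT_PORTS = {"wan1", "wan2"}

def interface_speeds(config_text):
    """Map interface name -> configured speed from 'config system interface'.
    Assumption: an interface with no 'set speed' line is left at 'auto'."""
    speeds, in_section, depth, current = {}, False, 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system interface":
            in_section, depth = True, 0
        elif in_section and line.startswith("config "):
            depth += 1                      # nested sub-table inside an interface
        elif in_section and line == "end":
            in_section, depth = (False, 0) if depth == 0 else (True, depth - 1)
        elif in_section and depth == 0:
            m = re.match(r'edit "?([^"]+)"?$', line)
            if m:
                current = m.group(1)
                speeds[current] = "auto"
            elif current and line.startswith("set speed "):
                speeds[current] = line.split()[2]
    return speeds

def at_risk_ports(config_text):
    """NP-direct ports forced to 100Mbit, the case the article warns about."""
    return sorted(n for n, s in interface_speeds(config_text).items()
                  if n in NP_DIRECT_PORTS and s in ("100full", "100half"))
```

A port left at `auto` can still negotiate down to 100Mbit against a 100Mbit peer, which a configuration check cannot see; confirm the negotiated speed on the device as well.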
