{"id":608,"date":"2025-05-06T10:17:14","date_gmt":"2025-05-06T08:17:14","guid":{"rendered":"https:\/\/whoami.lausitz-event.info\/?p=608"},"modified":"2025-05-06T10:34:18","modified_gmt":"2025-05-06T08:34:18","slug":"ssl-performance-in-fortigate","status":"publish","type":"post","link":"https:\/\/whoami.lausitz-event.info\/?p=608","title":{"rendered":"SSL Performance in FortiGate"},"content":{"rendered":"\n\n<p>Because SSL VPN runs over TCP, TCP is encapsulated in TCP. The associated flow control and packet retransmission can lead to more retransmissions and packet loss, and thus to poorer SSL VPN performance.<\/p>\n\n\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"342\" height=\"275\" src=\"https:\/\/whoami.lausitz-event.info\/wp-content\/uploads\/2025\/05\/image.png\" alt=\"\" class=\"wp-image-611\" srcset=\"https:\/\/whoami.lausitz-event.info\/wp-content\/uploads\/2025\/05\/image.png 342w, https:\/\/whoami.lausitz-event.info\/wp-content\/uploads\/2025\/05\/image-300x241.png 300w\" sizes=\"auto, (max-width: 342px) 100vw, 342px\" \/><\/figure>\n\n\n\n\n\n<p>So TCP over TCP is probably a bad idea. What if we use UDP for VPN tunneling in combination with DTLS? The traffic is still protected with TLS, but in this case we use DTLS for communication security and UDP to improve transmission speed. 
The lower layer therefore does not have to handle retransmission of segments and flow control, because the layer above takes over that task.<\/p>\n\n\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"339\" height=\"256\" src=\"https:\/\/whoami.lausitz-event.info\/wp-content\/uploads\/2025\/05\/image-1.png\" alt=\"\" class=\"wp-image-612\" srcset=\"https:\/\/whoami.lausitz-event.info\/wp-content\/uploads\/2025\/05\/image-1.png 339w, https:\/\/whoami.lausitz-event.info\/wp-content\/uploads\/2025\/05\/image-1-300x227.png 300w\" sizes=\"auto, (max-width: 339px) 100vw, 339px\" \/><\/figure>\n\n\n\n\n\n<p>As of FortiOS 5.4, SSL VPN over UDP is supported. This feature can currently only be configured via the command line.<\/p>\n\n\n\n\n\n<pre class=\"wp-block-code\"><code>config vpn ssl settings\n          set dtls-tunnel enable\/disable\nend<\/code><\/pre>\n\n\n\n\n\n<p>FortiClient configuration for this feature:<\/p>\n\n\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;sslvpn>\n    &lt;options>\n        &lt;enabled>1&lt;\/enabled>\n        &lt;prefer_sslvpn_dns>1&lt;\/prefer_sslvpn_dns>\n        &lt;dnscache_service_control>0&lt;\/dnscache_service_control>\n        &lt;use_legacy_ssl_adapter>0&lt;\/use_legacy_ssl_adapter>\n        &lt;preferred_dtls_tunnel>1&lt;\/preferred_dtls_tunnel>\n        &lt;no_dhcp_server_route>0&lt;\/no_dhcp_server_route>\n    &lt;\/options>\n&lt;\/sslvpn><\/code><\/pre>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Because SSL VPN runs over TCP, TCP is encapsulated in TCP. The associated flow control and packet retransmission can lead to more retransmissions and packet loss, and thus to poorer SSL VPN performance. So TCP over TCP is probably a bad idea. 
What if we use UDP for VPN tunneling in combination [&hellip;]<\/p>","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[19,3],"tags":[],"class_list":["post-608","post","type-post","status-publish","format-standard","hentry","category-fortinet","category-it"],"_links":{"self":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=608"}],"version-history":[{"count":3,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/608\/revisions"}],"predecessor-version":[{"id":615,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=\/wp\/v2\/posts\/608\/revisions\/615"}],"wp:attachment":[{"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/whoami.lausitz-event.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}