I have a site to site IPSEC VPN configured but lately – at least the last couple weeks – the performance hasn’t been what it used to be. I’ve triple checked our settings are exactly according to the Fortinet cookbook / Azure manual.
I did some digging and I’m having packet loss at a substantial level (10-20%) but only for packets over 400 bytes or so. The smaller packets get by with under 1% loss.
I’ve already double checked my local firewall and it should have 1500 bytes for the MTU defined. Behavior is normal between VMs on the Azure subnet.
I’m using tunnels to multiple subnets with different SKUs, all of which are producing the same results.
I’m thinking about shrinking the MTUs on the problem servers until I can get a real solution.
I’ve already contacted Fortinet support and I’m getting ready to open a case with MS. Anything more I should be doing?