Administration Guide

Starting an SSL-VPN tunnel CC test

FortiTester tests the DUT's ability to support concurrent SSL VPN tunnel connections by establishing a large number of concurrent SSL VPN tunnel connections and completing a full round of HTTP transactions through each tunnel.

To start an SSL VPN tunnel CC test:
  1. Go to Cases > Performance Testing > SSL-VPN > CC to display the test case summary page.
  2. Click + Create New to display the Select case options dialog box.
  3. In the popup dialog, for the Network Config option, select the network template you created in Cases > Security Testing > Objects > Networks. The network-related options are then filled in automatically. See Using network configuration templates for how to create a network template.
  4. Select a Certificate Group if applicable.
  5. Click OK to continue.
  6. Configure the test case options described below.
  7. Click Start to run the test case.

FortiTester saves the configuration automatically so you can run the test again later. You can also click Save to save the test case without running it.

Tip 1: You can also copy an existing case and change its settings to create a new case. In the case list, click Clone to clone the configuration. The clone differs from the original case only in its case name.

Tip 2: You can add or edit a comment while the test is running. This comment can be used to search for the test result on the Results page. This is especially useful when the test runs for a long time.

SSL-VPN Test Case common options

SSL-VPN Test Case configuration specific to CC

Settings Guidelines
Basic Information

VPN Host Group

Specify VPN hosts defined under Objects > Host Group. A Host Group consists of Hosts, for example abc.com = 1.1.1.1. FortiTester injects the configured hosts into the SNI (Server Name Indication) field of the TLS handshake.

Load
Mode

Simuser: Simulated users. Simuser simulates a user processing through an Actions list one at a time. It allows you to determine the maximum number of concurrent users your device, infrastructure, or system can handle.
Connections/second: This mode simulates TCP connections, each of them containing up to hundreds of transactions. It's useful to test how many concurrent connections can be handled by your device. Note: Available only for CPS and RPS.

To have FortiTester create connections as fast as possible, set the Mode to Simulated Users.

What is the difference between Simuser and Connections/second?

Tunnel Concurrent Connection

The total number of tunnels created in the Throughput case.

Ramp Up Time

The duration in seconds for which new sessions can be opened, attempting to reach the desired Connections per Second configured. (Range: 0 - 300).

Note: If FortiTester cannot reach the Connections per Second configured during the specified Ramp Up Time, it will keep the highest CPS it reached during the Ramp Up Time.

Ramp Down Time

The duration in seconds during which the device ramps down the number of connections it is making. A value of 0 causes FortiTester to cease generating sessions. (Range: 0 - 300).

Tunnel Concurrent Connection

Specify the number of concurrent connections.

VPN Gateway Port

Specify the VPN gateway port number.

Enable User Group

Enable to simulate multiple user names. This allows FortiView, for example, to populate with richer user name information.

  1. Go to Objects > User Groups > Create New to create a user group object.
  2. Click Create New to add multiple user/password pairs to the current User Group object.
  3. In SSL-VPN (CPS/RPS/CC/Throughput) cases, click the "Enable User Group" switch and select the User Group created in step 1.

VPN Username

Enter the VPN username.

VPN Password

Enter the VPN password.

Certificate

The server certificate. If you have selected a certificate group in the Select case options window, you cannot select a certificate here.

Think Time

The delay between client HTTP requests (unit: seconds).

Client Network

Tunnel Mode

Select TCP or UDP.
