
Administration Guide

Using virtual router with AWS public cloud to run a HTTPS CPS test

Virtual routers are useful when the FortiTester and the Device Under Test (DUT) are not in the same subnet, or when the ARP table size of the physical router or the DUT is less than the test subnet address count.

If your test subnet address is different from the physical router's or DUT's subnet address and you don't use the virtual router, you must add a physical router to the test network. This would increase network latency, whereas using the virtual router would not, which preserves the accuracy of the test data. The DUT only requests the MAC address of the virtual router IP, which reduces the number of entries in the DUT MAC address table.

In the DUT, the static routes point to either end of the FortiTester: one to the 17.1 network and the other to the 18.1 network.

Here, the virtual router IP on the client side is 10.0.2.41. On the server side, the virtual router IP is 10.0.3.117.

FortiGate interface settings on AWS

In AWS, the two interfaces are eth1 and eth2. The secondary private addresses are 10.0.2.249 and 10.0.3.249, corresponding to the diagram shown earlier. To use the virtual router, the source/destination check on both interfaces has to be set to false.

FortiTester interface settings on AWS

Here there are two ports for testing traffic: 10.0.2.41 and 10.0.3.117. Set the source/dest check to false in order to use the virtual router.

FortiTester network object settings example

  1. Log onto FortiTester.
  2. Go to FortiTester > Performance Testing > Objects > Networks to display the following page.

  • The client and server Virtual Router IP Addresses correspond to the AWS eth1 and eth2 addresses (10.0.2.41, 10.0.3.117).
  • The gateway addresses correspond to the FortiGate interface Port2 and Port3 addresses (10.0.2.249, 10.0.3.249).
  • The Client Peer Network address corresponds to the server subnet.
  • The Server Peer Network address corresponds to the client subnet.

FortiGate on AWS

Here the network interfaces correspond to the AWS interfaces eth1 and eth2, with the IP addresses we configured earlier. The virtual router subnets point to the FortiGate gateways.

Now, go to FortiGate > Network > Static Routes.

Remember that the DUT's static routes to the 17 network and the 18 network must point to the client and server sides of FortiTester, so set the static routes to point to the virtual router IP addresses.

This should match up with the FortiTester interface settings from earlier.
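The settings above have to agree with each other across AWS, FortiTester and the FortiGate. The following check of that addressing plan is an added example, not Fortinet code. The IP addresses are the ones on this page; the /24 and /16 prefix lengths, the full 17.1.0.0 and 18.1.0.0 prefixes, and the choice of 17.1 as the client-side test network are assumptions.

```python
import ipaddress as ip

# IP addresses are the ones on this page. The prefix lengths, the full
# 17.1.0.0 / 18.1.0.0 prefixes and 17.1 being the client side are assumptions.
PLAN = {
    "client": {"vr_ip": "10.0.2.41", "gateway": "10.0.2.249",
               "aws_subnet": "10.0.2.0/24", "test_subnet": "17.1.0.0/16",
               "peer_network": "18.1.0.0/16",
               "src_dst_check": {"FortiTester": False, "FortiGate": False}},
    "server": {"vr_ip": "10.0.3.117", "gateway": "10.0.3.249",
               "aws_subnet": "10.0.3.0/24", "test_subnet": "18.1.0.0/16",
               "peer_network": "17.1.0.0/16",
               "src_dst_check": {"FortiTester": False, "FortiGate": False}},
}
# DUT static routes as destination -> next hop (the virtual router IPs).
DUT_ROUTES = {"17.1.0.0/16": "10.0.2.41", "18.1.0.0/16": "10.0.3.117"}


def check_plan(plan, routes):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    hops = {ip.ip_network(d): ip.ip_address(h) for d, h in routes.items()}
    for side, other in (("client", "server"), ("server", "client")):
        cfg = plan[side]
        subnet = ip.ip_network(cfg["aws_subnet"])
        test_net = ip.ip_network(cfg["test_subnet"])
        vr, gw = ip.ip_address(cfg["vr_ip"]), ip.ip_address(cfg["gateway"])
        # The virtual router IP and its FortiGate gateway share one AWS subnet.
        if vr not in subnet or gw not in subnet:
            findings.append(f"{side}: virtual router IP and gateway must both be in {subnet}")
        # Client Peer Network = server subnet, and the reverse.
        if ip.ip_network(cfg["peer_network"]) != ip.ip_network(plan[other]["test_subnet"]):
            findings.append(f"{side}: peer network must be the {other} subnet")
        # The DUT reaches each test subnet through that side's virtual router IP.
        if hops.get(test_net) != vr:
            findings.append(f"{side}: DUT route to {test_net} must use next hop {vr}")
        # Test addresses are not owned by the AWS interface, so an enabled
        # source/dest check would drop them.
        for device, enabled in cfg["src_dst_check"].items():
            if enabled:
                findings.append(f"{side}: source/dest check still enabled on {device}")
    return findings


if __name__ == "__main__":
    for line in check_plan(PLAN, DUT_ROUTES) or ["plan is consistent"]:
        print(line)
```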

Now that we have finished configuring the network objects, we can use them in a test case with HTTP/CPS.

To start an HTTPS CPS test:
  1. Go to Cases > Performance Testing > HTTPS > CPS to display the test case summary page.
  2. Click + Create New to display the Select case options dialog box.
  3. In the popup dialog, for the Network Config option, make sure to select virtual router.
  4. Click OK to continue.
  5. Use the default settings for the HTTP/CPS case.
  6. Click Start to run the test case.

FortiTester saves the configuration automatically so you can run the test again later. You can also click Save to save the test case without running it.

You can choose how long you want to run the test case in FortiTester.

Test results

Here the client is generating HTTP traffic and the server is receiving this traffic.

It's important to look at HTTP_Attempted and HTTP_Successful. Here, there are 0 unsuccessful requests, which means that the virtual router setup works on FortiTester.
