Fortinet black logo

Administration Guide

VPN Test Case common options

Copy Link
Copy Doc ID 9217125a-7eda-11ec-a0d0-fa163e15d75b:817104
Download PDF

VPN Test Case common options

Use this page as a generic for information that is common to all VPN case configurations. Anything specific to the case itself will be found within the case's page, i.e. VPN RPS test specifics will be found under the VPN RPS document page.

Settings Guidelines
Basic Information
Name Specify the case name, or just use the default. The name appears in the list of test cases.
Ping Server Timeout If a FortiTester connects to a DUT via a switch, the switch might cause a ping timeout, resulting in the test case failing to run. If this occurs, increase the timeout. The default is 15 seconds. The valid range is 0 to 600.
Note: You can disable this end-to-end connectivity test by entering a setting of 0. If the DUT is unable to return packets, it is recommended you do so.
Number of Samples Select the number of samples. The default is 20, which means the web UI will show the last 20 sample data (about 20 seconds) in the test case running page. You can select 20, 60, or 120.

Script Config

Select the script that will run before/after the test. To create a script, see Using script object templates.

Steady Duration Specify the test duration. The default is 10 minutes. The test stops automatically after the duration you specify.
Stopping Status in Second The maximum time out in seconds allotted for FortiTester to close all TCP connections after the test finishes.

DNS Host Group

Select the DNS host group to look up the IP address of a domain name. To create a DNS host group, see Creating DNS host group.

DUT Monitor

Select to monitor a FortiGate device under test (DUT). If selected, you can monitor the DUT from the DUT Monitor tab on the management interface. To create a DUT monitoring, see Using DUT monitoring.

Network Settings
If you have selected a network config template, the network settings automatically inherit the configurations in the template. See Using network configuration templates for the description of network settings.
Load
Simulated Users Number of users to simulate.
IKE Version Select either version 1 or 2. For 1, configure IKE Mode and XAUTH.
Authentication Method Select either PSK (Pre-shared Key) or Signature. If using a Signature you will need to import a client and server certificate.
Pre-shared Key The parameter of IPsec.
Local Certificate Select either of the certificates. If you have selected a certificate group in the Select case options window, then you are not allowed to select local certificate here.
Remote Certificate Select either of the certificates. If you have selected a certificate group in the Select case options window, then you are not allowed select remote certificate here.
Client Profile
Source Port Range Specify a client port range. The valid range is 10,000 to 65,535, which is also the default.
IP Change Algorithm/Port Change Algorithm Select a change algorithm: Increment or Random. This setting determines how the system changes source/destination IP addresses and ports to simulate multiple client requests. The Increment option uses the next IP address or port in the range, for example: 10.11.12.1 -> 10.11.12.2; port 10000 -> 10001. The Random option selects an IP address or port in the range randomly.
Server Profile
Case Server Port The server port where the test case traffic arrives.
Client/Server Network
Network MTU The maximum transmission unit size.
Action
Request Page Select System Pages with Fixed or Random File Name and Content.

VPN Test Case common options

Use this page as a generic for information that is common to all VPN case configurations. Anything specific to the case itself will be found within the case's page, i.e. VPN RPS test specifics will be found under the VPN RPS document page.

Settings Guidelines
Basic Information
Name Specify the case name, or just use the default. The name appears in the list of test cases.
Ping Server Timeout If a FortiTester connects to a DUT via a switch, the switch might cause a ping timeout, resulting in the test case failing to run. If this occurs, increase the timeout. The default is 15 seconds. The valid range is 0 to 600.
Note: You can disable this end-to-end connectivity test by entering a setting of 0. If the DUT is unable to return packets, it is recommended you do so.
Number of Samples Select the number of samples. The default is 20, which means the web UI will show the last 20 sample data (about 20 seconds) in the test case running page. You can select 20, 60, or 120.

Script Config

Select the script that will run before/after the test. To create a script, see Using script object templates.

Steady Duration Specify the test duration. The default is 10 minutes. The test stops automatically after the duration you specify.
Stopping Status in Second The maximum time out in seconds allotted for FortiTester to close all TCP connections after the test finishes.

DNS Host Group

Select the DNS host group to look up the IP address of a domain name. To create a DNS host group, see Creating DNS host group.

DUT Monitor

Select to monitor a FortiGate device under test (DUT). If selected, you can monitor the DUT from the DUT Monitor tab on the management interface. To create a DUT monitoring, see Using DUT monitoring.

Network Settings
If you have selected a network config template, the network settings automatically inherit the configurations in the template. See Using network configuration templates for the description of network settings.
Load
Simulated Users Number of users to simulate.
IKE Version Select either version 1 or 2. For 1, configure IKE Mode and XAUTH.
Authentication Method Select either PSK (Pre-shared Key) or Signature. If using a Signature you will need to import a client and server certificate.
Pre-shared Key The parameter of IPsec.
Local Certificate Select either of the certificates. If you have selected a certificate group in the Select case options window, then you are not allowed to select local certificate here.
Remote Certificate Select either of the certificates. If you have selected a certificate group in the Select case options window, then you are not allowed select remote certificate here.
Client Profile
Source Port Range Specify a client port range. The valid range is 10,000 to 65,535, which is also the default.
IP Change Algorithm/Port Change Algorithm Select a change algorithm: Increment or Random. This setting determines how the system changes source/destination IP addresses and ports to simulate multiple client requests. The Increment option uses the next IP address or port in the range, for example: 10.11.12.1 -> 10.11.12.2; port 10000 -> 10001. The Random option selects an IP address or port in the range randomly.
Server Profile
Case Server Port The server port where the test case traffic arrives.
Client/Server Network
Network MTU The maximum transmission unit size.
Action
Request Page Select System Pages with Fixed or Random File Name and Content.