Fortinet black logo

Administration Guide

Home FortiTester 7.4.0 Administration Guide
7.4.0
7.4.0
7.3.2
7.3.0
7.2.3
7.2.2
7.2.1
7.2.0
7.1.0
7.0.0

Starting an SSL-VPN CC test

Starting an SSL-VPN CC test

FortiTester tests the DUT's ability to support concurrent SSL VPN tunnel connections by establishing a large number of concurrent SSL VPN tunnel connections and completing a full round of HTTP transactions through each tunnel.

To start an SSL-VPN CC test:
  1. In Performance testing, expand SSL-VPN and click CC.
  2. Click Create New.
  3. Configure the network or select a network template. See Using network configuration templates for how to create a network template.
  4. Select a Certificate Group, if applicable.
  5. Click OK.
  6. Configure the test case options described below.
  7. Click Start to run the test case.

FortiTester saves the configuration automatically so you can run the test again later. You can also click Save to save the test case without running it.

Tip 1: You can copy an existing case and change its settings to create a new case. In the case list, click Clone to clone the configuration. Only the case name is different from the original case.

Tip 2: You can add or edit a comment when the test is running. This comment can be used to search for the test result in the Results page. This is useful especially when the test runs for a long time.

SSL-VPN CC test case options

For details about the common options for SSL-VPN cases, see VPN test case common options.

Settings Guidelines
Basic Information

VPN Host Group

Specify VPN hosts defined under Objects > Host Group. A Host Group is comprised of Hosts e.g. abc.com = 1.1.1.1 . FortiTester will inject the hosts configured into SNI field (server name indication) within the TLS handshake.
Load
Mode

Simuser: Simulated users. Simuser simulates a user processing through an actions list one at a time. It allows you to determine the maximum number of concurrent users your device, infrastructure, or system can handle.
Connections/second: This mode simulates TCP connections, each of them containing up to hundreds of transactions. It's useful to test how many concurrent connections can be handled by your device.

NOTE: If you want FortiTester to create connections as fast as possible, set Mode to Simuser.

For more information, see What is the difference between Connections per Second and Simulated Users?

Tunnel Concurrent Connection

The total number of tunnels created in the Throughput case.
Ramp Up Time

The duration in seconds for which new sessions can be opened, attempting to reach the desired Connections per Second configured. (Range: 0 - 300).

NOTE: If FortiTester cannot reach the Connections per Second configured during the specified Ramp Up Time, it will keep the highest CPS it reached during the Ramp Up Time.

Ramp Down Time The duration in second during which the device ramps down the number of connections it is making. 0 will cause the FortiTester to cease generating sessions. (Range: 0 - 300).
Tunnel Concurrent Connection Specify the number of concurrent connections.
VPN Gateway Port Specify the VPN gateway port number.

Enable User Group

Enable to simulate multiple user names. This allows FortiView to populate with more rich user name information, for example.

  1. Go to Objects > User Groups > Create New to create a user group object.
  2. Click Create New to create multiple users/password pairs to the current User Group Object.
  3. In SSL-VPN (CPS/RPS/CC/Throughput) cases, click on the Enable User Group switch option button and select the User Group created in step 1.
VPN Username Enter the VPN username.
VPN Password Enter the VPN password.
Certificate The server certificate. If you have selected a certificate group in the Select case options window, then you are not allowed select certificate here.
Think Time The delay between client HTTP requests (unit: second).
Client Network
Tunnel Mode Select TCP or UDP.
Previous
Next

Starting an SSL-VPN CC test

FortiTester tests the DUT's ability to support concurrent SSL VPN tunnel connections by establishing a large number of concurrent SSL VPN tunnel connections and completing a full round of HTTP transactions through each tunnel.

To start an SSL-VPN CC test:
  1. In Performance testing, expand SSL-VPN and click CC.
  2. Click Create New.
  3. Configure the network or select a network template. See Using network configuration templates for how to create a network template.
  4. Select a Certificate Group, if applicable.
  5. Click OK.
  6. Configure the test case options described below.
  7. Click Start to run the test case.

FortiTester saves the configuration automatically so you can run the test again later. You can also click Save to save the test case without running it.

Tip 1: You can copy an existing case and change its settings to create a new case. In the case list, click Clone to clone the configuration. Only the case name is different from the original case.

Tip 2: You can add or edit a comment when the test is running. This comment can be used to search for the test result in the Results page. This is useful especially when the test runs for a long time.

SSL-VPN CC test case options

For details about the common options for SSL-VPN cases, see VPN test case common options.

Settings Guidelines
Basic Information

VPN Host Group

Specify VPN hosts defined under Objects > Host Group. A Host Group is comprised of Hosts e.g. abc.com = 1.1.1.1 . FortiTester will inject the hosts configured into SNI field (server name indication) within the TLS handshake.
Load
Mode

Simuser: Simulated users. Simuser simulates a user processing through an actions list one at a time. It allows you to determine the maximum number of concurrent users your device, infrastructure, or system can handle.
Connections/second: This mode simulates TCP connections, each of them containing up to hundreds of transactions. It's useful to test how many concurrent connections can be handled by your device.

NOTE: If you want FortiTester to create connections as fast as possible, set Mode to Simuser.

For more information, see What is the difference between Connections per Second and Simulated Users?

Tunnel Concurrent Connection

The total number of tunnels created in the Throughput case.
Ramp Up Time

The duration in seconds for which new sessions can be opened, attempting to reach the desired Connections per Second configured. (Range: 0 - 300).

NOTE: If FortiTester cannot reach the Connections per Second configured during the specified Ramp Up Time, it will keep the highest CPS it reached during the Ramp Up Time.

Ramp Down Time The duration in second during which the device ramps down the number of connections it is making. 0 will cause the FortiTester to cease generating sessions. (Range: 0 - 300).
Tunnel Concurrent Connection Specify the number of concurrent connections.
VPN Gateway Port Specify the VPN gateway port number.

Enable User Group

Enable to simulate multiple user names. This allows FortiView to populate with more rich user name information, for example.

  1. Go to Objects > User Groups > Create New to create a user group object.
  2. Click Create New to create multiple users/password pairs to the current User Group Object.
  3. In SSL-VPN (CPS/RPS/CC/Throughput) cases, click on the Enable User Group switch option button and select the User Group created in step 1.
VPN Username Enter the VPN username.
VPN Password Enter the VPN password.
Certificate The server certificate. If you have selected a certificate group in the Select case options window, then you are not allowed select certificate here.
Think Time The delay between client HTTP requests (unit: second).
Client Network
Tunnel Mode Select TCP or UDP.
Previous
Next