Issue with File Transfers between On-premises Computers and Azure Files/Servers

Question

We are experiencing issues in our infrastructure when users attempt to upload or download files from on-premises computers to Azure Files Premium or Azure servers via the SMB protocol, resulting in very slow transfer speeds.

The users are connected to a Fortinet firewall (onprem), and there is a Site-to-Site (S2S) connection between the Fortinet firewall and Azure VPN Gateway (SKU1-650 Mbps). The connection seems to be working, but the file transfer process is facing interruptions or failures.

We have checked the metrics for connections to Azure Files, and we've noticed spikes in the "Success E2E Latency" metric, but no issues in the "Success Server Latency" metric.

Clients on-premises are connecting from Spain, while the Azure infrastructure is located in West Europe.

A ping from clients through the Fortinet firewall yields the following data:

Based on this, we believe there might be an issue with the firewall negotiation with Azure VPN. We have tried setting the MTU to 1400 and TCP MSS to 1350, adjusting various encryption configurations, but without success.

Currently we have this encryption configuration in Fortinet and Azure VPN:

Any guidance or insights would be greatly appreciated.

Best regards,

Answer 1

Hello Jose7282,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand that you are having issues with the File Transfers between On-premises Computers and Azure Files/Servers.

These issues might emanate likely from a combination of TCP inefficiencies, VPN limits, and SMB configuration, try to look into them. However, perform the actions below:

• Validate SMB 3.1.1 + Multichannel.
• Upgrade VPN Gateway SKU if bandwidth is capped.
• Simplify FortiGate policies for SMB traffic.

If latency/packet loss persists, test with ExpressRoute (Microsoft Peering) for dedicated connectivity. Then, expose Azure Files publicly (with NSG restrictions) temporarily. If speeds improve, the VPN is the bottleneck.

Then you can confirm if VPN bandwidth is the bottleneck by run an iPerf3 test between an on-premises machine and an Azure VM over the VPN tunnel:

• Deploy a test VM in the same VNet as Azure Files.
• Install iPerf3 on both the Azure VM and an on-premises test machine.
• Run iPerf3 over TCP and UDP to test bandwidth:
• On Azure VM (server mode) using bash command: iperf3 -s
• On-Premises Client (test mode) using bash command: iperf3 -c <Azure_VM_IP> -P 4 -t 30
• For UDP test also: iperf3 -c <Azure_VM_IP> -u -b 650M

If throughput is significantly below 650 Mbps, the VPN is a bottleneck.

Also, perform Azure Files Premium Tweaks by improve the throughput provisioning: This is to ensure the file share’s provisioned IOPS/throughput (e.g., 100 GiB = 100+ MB/s baseline) aligns with workload needs. And secondly, confirm clients in Spain aren’t routed through non-optimal paths (e.g., via US). Use Azure Speed Test to check regional connectivity.

In summary:

• If iPerf3 confirms VPN is slow, upgrade VPN Gateway SKU or switch to ExpressRoute.
• If packet loss is high, disable DPI, reconfigure MSS/MTU, and analyze FortiGate logs.
• If SMB performance is poor but VPN is fine, optimize storage mount settings.
• If routing is the issue, modify UDR.

I hope this is helpful! Do not hesitate to let me know if you have any other questions.

---

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

Answer 2

Thanks for your response.

We confirm the following:

Validate SMB 3.1.1 + Multichannel.

VPN Gateway SKU bandwidth is not capped.

However, the FortiGate configuration is managed by another provider, so they are currently reviewing it.

We have attached Azure File Premium information:

We have also enabled the Azure Premium Files Metadata Cache Preview weeks ago.

And here are the metrics showing spikes in E2E latency:

Metrics (Avg)

Metrics (Max)

I will follow up once we have tested with iPerf and the FortiGate provider has checked their configuration.

Regards.