topic Re: Restricted tcp flow throughput in a VPN tunnel in General Topics

Restricted tcp flow throughput in a VPN tunnel

GuillaumeV — Thu, 21 Sep 2023 14:39:58 GMT

Hello all,

On my firewall I have a VPN tunnel dedicated to VEEAM backup copy to a remote site. I have a throughput problem which is only present with TCP flows.

I don't have any QOS set on the interface of this tunnel. The flow rule is standard just to make allow.

The MTU is 1438 and the adjust tcp mss option is set to 40 for IPv4. With UDP flows I have a throughput of 100Mb/s, with TCP flows I'm down to 10 - 15Mb/s.

How do I know what's restricting the throughput of my TCP flows so much? Thanks

Re: Restricted tcp flow throughput in a VPN tunnel

OtakarKlier — Thu, 21 Sep 2023 19:52:44 GMT

Hello,

First I would check the MTU settings on the other parts of the network, I've seen something weird like this in the past when jumbo frames were enabled.

Regards,

Re: Restricted tcp flow throughput in a VPN tunnel

GuillaumeV — Fri, 22 Sep 2023 14:05:39 GMT

Hello,
So the MTU was defined via tests. We set it to the value that doesn't cause fragmentation.
None of our ESXIs have JUMBO frames enabled. We would have because we use iscsi but we don't have it enabled. So no problem with JUMBO

Re: Restricted tcp flow throughput in a VPN tunnel

OtakarKlier — Mon, 25 Sep 2023 15:01:36 GMT

Hello,

Another thing you can try to do is within the policy disable "Disable Server Response Inspection" in the security policy and see if that helps. Dont recommend it for any to/from internet traffic.

Regards,