https://live.paloaltonetworks.com/t5/general-topics/recommended-mtu-for-globalprotect-gateway/m-p/155687#M51174 <P>You have 0.0.0.0/0 route so all traffic goes into tunnel when GP is connected?</P><P>I have not changed MTU in my environment so using default.</P><P>Currently at home with 20Mbit down and I get same result (+/- 1Mbit) with and without GlobalProtect (no split tunneling, using 0.0.0.0/0 route in my GP config).</P><P>&nbsp;</P><P>Test with&nbsp;<A href="http://www.speedtest.net" target="_blank">http://www.speedtest.net</A></P><P>What is speed and latency when GP is on and when GP is off?</P><P>&nbsp;</P><P>Any QoS in use?</P> Tue, 09 May 2017 12:55:14 GMT Raido_Rattameister 2017-05-09T12:55:14Z https://live.paloaltonetworks.com/t5/general-topics/recommended-mtu-for-globalprotect-gateway/m-p/155641#M51156 <P>Hello,</P><P>&nbsp;</P><P>We’re experiencing slowness from global connect clients located offsite back to firewall (i.e. 5MBps). Without the VPN client, the user can get up to 60MBps.</P><P>&nbsp;</P><P>What is the recommended MTU settings for GlobalProtect Gateway/interface should be set at? Our Ethernet interface(1/3) MTU where gateway terminates in DMZ is set at 1350 and the tunnel.11 is set to 1400. Does this need to be the same?</P><P>I have already checked the KB below.</P><P>&nbsp;</P><P><A href="https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Improve-Performance-for-IPSec-Traffic/ta-p/53301" target="_blank">https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Improve-Performance-for-IPSec-Traffic/ta-p/53301</A></P><P>&nbsp;</P><P>Thanks in advance.</P> Tue, 09 May 2017 02:52:26 GMT https://live.paloaltonetworks.com/t5/general-topics/recommended-mtu-for-globalprotect-gateway/m-p/155641#M51156 Farzana 2017-05-09T02:52:26Z https://live.paloaltonetworks.com/t5/general-topics/recommended-mtu-for-globalprotect-gateway/m-p/155642#M51157 <P>Open GlobalProtect client.</P><P>Go to Details tab.</P><P>Is protocol SSL or IPSec?</P><P>If SSL then check if you are blocking incoming UDP port 4501 towards GlobalProtect Gateway.</P><P>SSL runs over TCP.</P><P>IPSec runs over UDP and avoids TCP meltdown issue.</P> Tue, 09 May 2017 02:56:20 GMT https://live.paloaltonetworks.com/t5/general-topics/recommended-mtu-for-globalprotect-gateway/m-p/155642#M51157 Raido_Rattameister 2017-05-09T02:56:20Z https://live.paloaltonetworks.com/t5/general-topics/recommended-mtu-for-globalprotect-gateway/m-p/155644#M51159 <P>Hi,</P><P>&nbsp;</P><P>Checked all that you mentioned is fine. C<SPAN>lients connecting using IPSEC.</SPAN></P> Tue, 09 May 2017 04:21:26 GMT https://live.paloaltonetworks.com/t5/general-topics/recommended-mtu-for-globalprotect-gateway/m-p/155644#M51159 Farzana 2017-05-09T04:21:26Z https://live.paloaltonetworks.com/t5/general-topics/recommended-mtu-for-globalprotect-gateway/m-p/155645#M51160 <P>How do you measure speed?<BR />Do you have public website in your environment you could place some big file and try to download it without GP over public internet and with GP connected over tunnel?<BR /><BR /></P> Tue, 09 May 2017 04:37:10 GMT https://live.paloaltonetworks.com/t5/general-topics/recommended-mtu-for-globalprotect-gateway/m-p/155645#M51160 Raido_Rattameister 2017-05-09T04:37:10Z https://live.paloaltonetworks.com/t5/general-topics/recommended-mtu-for-globalprotect-gateway/m-p/155651#M51163 <P>Hi Raido,</P><P>&nbsp;</P><P><SPAN>Yes, we have a FTP service in the DMZ on same interface and speed is fine.</SPAN></P><P><SPAN>&nbsp;</SPAN></P><P><SPAN>All we really want to know is what should the MTU settings on the tunnel vs interface be set at?</SPAN></P><P>&nbsp;</P><P><SPAN>We have tried setting interface to 1360, tunnel MTU to 1400 and select Adjust TCP MSS.</SPAN></P><P>&nbsp;</P><P><SPAN>Getting 10MB down/10MB up. Without VPN we’re getting 40MB down/27MB up. </SPAN></P><P><SPAN>&nbsp;</SPAN></P><P><SPAN>Is this what we should be seeing for GP VPN?</SPAN></P> Tue, 09 May 2017 06:56:04 GMT https://live.paloaltonetworks.com/t5/general-topics/recommended-mtu-for-globalprotect-gateway/m-p/155651#M51163 Farzana 2017-05-09T06:56:04Z https://live.paloaltonetworks.com/t5/general-topics/recommended-mtu-for-globalprotect-gateway/m-p/155687#M51174 <P>You have 0.0.0.0/0 route so all traffic goes into tunnel when GP is connected?</P><P>I have not changed MTU in my environment so using default.</P><P>Currently at home with 20Mbit down and I get same result (+/- 1Mbit) with and without GlobalProtect (no split tunneling, using 0.0.0.0/0 route in my GP config).</P><P>&nbsp;</P><P>Test with&nbsp;<A href="http://www.speedtest.net" target="_blank">http://www.speedtest.net</A></P><P>What is speed and latency when GP is on and when GP is off?</P><P>&nbsp;</P><P>Any QoS in use?</P> Tue, 09 May 2017 12:55:14 GMT https://live.paloaltonetworks.com/t5/general-topics/recommended-mtu-for-globalprotect-gateway/m-p/155687#M51174 Raido_Rattameister 2017-05-09T12:55:14Z