Slow accessing file shares using Global Protect VPN client

Reply
L2 Linker

Re: Slow accessing file shares using Global Protect VPN client

Hey,

Thanks for taking the time to think through this and provide such detailed responses - I certainly appreciate it.

 

1) Differences in matching security policies.

  • Does all of the traffic match the same security rule?
  • Is the server response insepction enabled on one policy but not the other?
  • If multiple policies for the different users are bing hit, do they have the same threat profile?
  • SR: All traffic matches the same security policy.I actually tried creating a security policy with no filtering and DSRI enabled (I even created a custom app with app-override to bypass L7 processing). Same result, so does not seem to be related to filtering or traffic processing through the policy engine.

2) Decryption Policies:

  • Does the traffic match the same decryption policies?
  • SR: There is no decryption turned on in this scenario.

3) Different agent settings getting applied based on source location, and therefore the client behaves differently?

SR: Single portal/gateway so all clients get the same agent settings

 

I've logged a TAC case and will see what they say. Suspect I could be in for the long haul with this one...

 

Thanks again.

L2 Linker

Re: Slow accessing file shares using Global Protect VPN client

For others benefit it looks like this may be related to a network adapter driver "feature" called NS Offload.

We'd originally eliminated this as it occurred on both wired and wireless connections, but through trial and error I've found that disabling this feature seems to have an immediate impact and resolves the performance issues.

It seems this feature is on both the wireless and wired NIC. Tried latest/different drivers but issue persists.

 

There is not much documentation on it: https://www.intel.com/content/www/us/en/support/articles/000005585/network-and-i-o/wireless-networki...

 

My assumption is it is causing the issue when traffic is "offloaded" from the tunnel adapter to the real physical adapter.

 

The 4G adapter does not have this feature which is why it was a non-issue when connecting the VPN over 4G.

 

 

L1 Bithead

Re: Slow accessing file shares using Global Protect VPN client

- I had upgraded my file share server from Windows 2008 R2 to Windows 2016, but accessing file shares is still slow over Global Protect VPN

 

- Finally, I upgraded the PAN to 8.1.8-h5 and it seemed to have resovled this issue.  Accessing the file shares over GP is now working much faster than before. 

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!