Slow speed with GlobalProtect

L2 Linker

Re: Slow speed with GlobalProtect

Thank you for your response. Im try to explain better the scenario.

1st Test. One computer behind the firewall (Site A) downloading a file from I achieve acceptable speed. Im the only one using the firewall, no security profiles attached to the rule.

2n Test. From a computer in a remote site (Site B) and download the same file, I achieve better results due to the best line in Site B.

3rd Test From Site B establish a GP IPsec to Site A without Split tunneling, so all traffic crosses the FW. I go to the same Site and download the same file, the download speed dramatically slowdown.

In 2nd and 3rd scenario I'm the only one crossing the FW.

L7 Applicator

Re: Slow speed with GlobalProtect

In all three scenarios, you're still using a single download. There are bottlenecks that can be associated with a single session (and even more when it comes to IPSec). Things like encapsulation/decapsulation and how it is split across multiple cores, and a whole host of things.


The datasheet numbers are for scale, not for individual downloads from a single client. 


I don't want to come across as harsh, I just can't think of a better way to say it. A single download is VASTLY different than real clients connecting and doing regular work.


If you insist on using this type of flawed testing, at the very least try doing several downloads at the same time from different sites on that test client at site B. At least then you'll be using multiple sessions to fill the tunnel better.

L2 Linker

Re: Slow speed with GlobalProtect

Hi Gwesson,

Thank you for your words,

I understand how It works, thank you for your explanation.
But the fact is that the test that I am doing is the way of working that our customer has.
Workers in remote sites download files via HTTP and via FTP through Global Protect and L2L VPN and it is difficult to download the same file in múltiple parts as you are suggesting.

I am just surprised by the degradation of speed in a device with these characteristics, when the current equipment, much more older (ASA FW) and through VPN supports speeds by far much better doing the same.

Appreciate for your help,

Thank you,
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!