- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
01-06-2023 09:10 AM
Greetings Programs,
We have a client that is an engineering firm. They have a few remote engineers and we are starting to see issues with Civil3D 2023(AutoCAD).
Majority of these end users have Windows 11 OS with Global Protect installed on it to VPN into the office to access a network shared drive. When the end users open Civil3D 2023 (AutoCAD) the base program loads on their machine and then it pulls some pre-set configuration file down from the network share drive. This process is taking anywhere from 15-20 minutes over the VPN. When the end users are in the office this process takes about 3-5 minutes. While troubleshooting, we are not seeing any resource spike on the laptops; CPU, memory, hard drive, and network resources in task manager are running at near idle.
According to Autodesk, Civil3D is designed to work in a windows based network. A use of a VPN is consider to be a 3rd party network.
The main purpose of posting this is to see if anyone is experience similar issue with Global Protect running on windows 10/11 when opening resource heavy programs hat have to reach out across the VPN?
Pan-OS version 10.2.2
GP version: 5.2.12
Any suggestions would be great. Thanks!
01-08-2023 04:46 PM - edited 01-08-2023 04:53 PM
Hello @EDraper
I have a similar situation with anothers heavy apps.
I recommended ot change de MTU value for Global Protect and test. Change first to 1300 and then to 1100 and test the performance and the correct operation. This is por avoid the fragmentation of packets.
And the another options, is use an check DSRI option in the security policies with match for your App. This es for not inspect the response flow, S2C and improve the performance with the connections. The finnaly but only for test and you need to review performance vs security, is not use secure profiles in the policy to match with exactly traffic for this app an test. The review the improve and take a decision security vs operation.
DSRI:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV9CAK
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClpfCAC
Cheers
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!