For an internal GW, what happens when you create a non-tunnel-mode GW? Why would one do this? If it only provides USER-ID, why is it used?
Enabling tunnel mode uses IPSec as the protocol for tunnel termination instead of SSL. Naturally, this is going to provide better throughput since IPSec is UDP and SSL is TCP.
Enabling tunnel mode allows you to utilise more granular settings for the gateway, such as maximum number of users connected, X-Auth Support (allows mobile devices to connect using inbuilt VPN) and the ability to attach a GlobalProtect IPSec Crypto profile - giving you more control over the authentication and encryption algorithms that are used to negotiate keys over the tunnel.