Global Protect gateway configuration

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect gateway configuration

L0 Member

Hi Guys

 

I'm hoping someone can help me with an issue that is constantly being reported by our users. We have Global Protect rolled out to all of our users. On a regular basis, perhaps 2-3 times per week, I come across reports of slowness, poor performance, etc. Speed test download speeds with GP enabled show between 5-25Mb, but when GP is disabled it shoots up to 100Mb+ for most users. I understand there'll be a reduction due to inspection, etc but this seems drastic.

 

I spotted this on our client today. Our UK users are connected to a UK gateway but the Gateway Location is UK Northeast. Is that to be expected?

 

Many thanks

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello,

 

I am assuming you are utilizing Prisma Access gateways as that looks to be a Palo Alto IP address. Do you have a US gateway configured? And do you allow users to manually select gateways or is everything automatic?

 

Where is that gateway IP address located in terms of country? I would just ping it and check the firewall logs for the destination country if something like ARIN or other sites doesnt show the country. 

 

You could also pull a clients debug logs and take a look at specifically the pangps and pangpa logs to see if anything is failing or see specifically what gateway its connecting to.

 

Claw4609_0-1722626931052.png

 

Cyber Elite
Cyber Elite

@ChanaBaljit,

We get these speedtests all the time and I've had people stop reporting them, it's not helpful from a troubleshooting aspect. Monitor your tunnel latency reports for clients when they're affected and ensure that you have the description field enabled so you're actually seeing the latency report.

L0 Member

Thanks for the advice, I will keep it in mind.

  • 1000 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!