GlobalProtect SSL VPN - Slow SMB Transfers

Reply
L2 Linker

GlobalProtect SSL VPN - Slow SMB Transfers

Hi.

 

First let me say that I have managed to get some improvement to transfer speeds by tweaking the MTU setting on the tunnel interface for the GP VPN.

 

When I first started my testing, if I copied a single large file ( a 400 MB ISO ) from a remote server share to my VPN connected workstation, it was going pretty slow, only transferring at 1-2 MBps - we have a 100 Mbps fiber connection for our internet so I expected a much fast transfer.  After tweaking the MTU on the tunnel interface, it now goes much faster (8-10 MBps)

 

Just so we are on the same data rate terms, 100Mbps should equate to appoximately 12.5 MBps - Windows always shows data transfers in storage terms, which uses the unit of Bytes per second, and we all know networking world likes to use bits per second :)

 

However, If I try to copy that file right back to the server from my remote client, I am lucky to get 800 KBps.  Sometimes it will spike to 1-2 MBps, but then it will suddenly drop to zero and hang...

 

A few things to note:

 

- I am connecting from home, which also has a 100 Mbps connection, using a wired connection, full duplex 1Gbps.

 

- If I do the transfer test over an IPSEC tunnel, I do not have this problem (Tested from an Azure server that links to my on- prem network)

 

- My company network and GP VPN tunnel are not under a heavy load during these tests, in fact I was the only one on the GP VPN during these tests.

 

I had read that I should try enabling IPSEC for my GlobalProtect VPN setup, which I am willing to try, but I would like to understand why the throughput is so asymetrical using SSL VPN.

 

Has anyone else wrestled with this?

 

 

L1 Bithead

Hi,

I struggled with same issue and it was a burning issue for our clients , I got the links checked for consistency and tried other stuff but didnt worked, I was running with OS 8.3 and Palo alto recommended to upgrade it to 8.8 or later


@colesch wrote:

Hi.

 

First let me say that I have managed to get some improvement to transfer speeds by tweaking the MTU setting on the tunnel interface for the GP VPN.

 

When I first started my testing, if I copied a single large file ( a 400 MB ISO ) from a remote server share to my VPN connected workstation, it was going pretty slow, only transferring at 1-2 MBps - we have a 100 Mbps fiber connection for our internet so I expected a much fast transfer.  After tweaking the MTU on the tunnel interface, it now goes much faster (8-10 MBps)

 

Just so we are on the same data rate terms, 100Mbps should equate to appoximately 12.5 MBps - Windows always shows data transfers in storage terms, which uses the unit of Bytes per second, and we all know networking world likes to use bits per second :)

 

However, If I try to copy that file right back to the server from my remote client, I am lucky to get 800 KBps.  Sometimes it will spike to 1-2 MBps, but then it will suddenly drop to zero and hang...

 

A few things to note:

 

- I am connecting from home, which also has a 100 Mbps connection, using a wired connection, full duplex 1Gbps.

 

- If I do the transfer test over an IPSEC tunnel, I do not have this problem (Tested from an Azure server that links to my on- prem network)

 

- My company network and GP VPN tunnel are not under a heavy load during these tests, in fact I was the only one on the GP VPN during these tests.

 

I had read that I should try enabling IPSEC for my GlobalProtect VPN setup, which I am willing to try, but I would like to understand why the throughput is so asymetrical using SSL VPN.

 

Has anyone else wrestled with this?

 

 



 which will boost the speed by six times as older version has known bug which limits the interface throughput on FW VM, upgrade didn't help however tunring the IPSEC setting on did the trick and the speed boomed up significantly , I would recommend to get the IPSEC enabled on VPN setting and see the magic , saying by my own experience :)

 

good luck !!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!