Restricted tcp flow throughput in a VPN tunnel

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Restricted tcp flow throughput in a VPN tunnel

L1 Bithead

Hello all,

On my firewall I have a VPN tunnel dedicated to VEEAM backup copy to a remote site. I have a throughput problem which is only present with TCP flows.

I don't have any QOS set on the interface of this tunnel. The flow rule is standard just to make allow.

The MTU is 1438 and the adjust tcp mss option is set to 40 for IPv4. With UDP flows I have a throughput of 100Mb/s, with TCP flows I'm down to 10 - 15Mb/s.

How do I know what's restricting the throughput of my TCP flows so much? Thanks

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello,

First I would check the MTU settings on the other parts of the network, I've seen something weird like this in the past when jumbo frames were enabled.

 

Regards,

Hello,
So the MTU was defined via tests. We set it to the value that doesn't cause fragmentation.
None of our ESXIs have JUMBO frames enabled. We would have because we use iscsi but we don't have it enabled. So no problem with JUMBO

Cyber Elite
Cyber Elite

Hello,

Another thing you can try to do is within the policy disable "Disable Server Response Inspection" in the security policy and see if that helps. Dont recommend it for any to/from internet traffic.

Regards,

  • 1341 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!