In all three scenarios, you're still using a single download. There are bottlenecks that can be associated with a single session (and even more when it comes to IPSec). Things like encapsulation/decapsulation and how it is split across multiple cores, and a whole host of things.
The datasheet numbers are for scale, not for individual downloads from a single client.
I don't want to come across as harsh, I just can't think of a better way to say it. A single download is VASTLY different than real clients connecting and doing regular work.
If you insist on using this type of flawed testing, at the very least try doing several downloads at the same time from different sites on that test client at site B. At least then you'll be using multiple sessions to fill the tunnel better.
Hello @nanukanu I hope you did find a solution for your issue
I'm facing the same issue using PA-200 but the Upload is quite good but the download traffic is slowing down (from 30 Mbps to 2Mbps).
SpeedTest Without Firewall 30 Mbps
SpeedTest with Firewall PA-200 2Mbps
Hi @Adam42 ,
I am facing a very similar issue as you are.
Please could you tell which version of the firewall and the global protect you are using. I am suspecting of some version bug and I would like to know if you the version you are using is the same I am.
@HenriqueGurgel I think the slowdown issue is inherent in Palo Alto Networks GlobalProtect. I have used PAN GP for about 6 years now, across two different models (PA-500 and now PA-820) and the situation with the degraded download speed has always been the same. The firewall software and GP client version do not seem to matter. I've seen this same issue on PAN 6, 7, 8, and now 9 versions, and GP client 2, 3, 4, and now 5. We have a 1GB fiber line to the PA-820. We have people working remotely from customer offices, on all types of different connections (wired, wireless, 200mbps, 500mbps, 1gbps, it doesn't matter). Download tests will always report slow speeds (2-4mbps).
However, as was mentioned by another reply, when you look at the performance in aggregate, meaning across all remote users, the performance isn't as slow as 2-4mbps. I think part of the issue is the speedtests; I don't think they play well with IPsec VPN in general. However, I agree that other vendors' firewall VPNs (Cisco, SonicWall, etc.) do not seem to suffer from the same slowdowns. But remember also that you might have the threat stack enabled so the traffic has additional processing done on it. I realize Palo Alto Networks says that shouldn't slow down traffic below a certain amount, but here we are, all posting about slow PAN GP speeds.
Over the years, I've never bothered to open a support case to get the official answer, as the speed was always "good enough" to support our workloads. However, I would like to understand why this happens.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!