12-18-2020 05:57 AM
We recently enabled/ configured/ deployed GlobalPortect on our PA firewall as a first step to replace our existing DirectAccess VPN solution. The GlobalProtect is a brand new installation, performed by a PaloAlto authorized consulting firm. We are piloting 3 business users and 5 IT, group users. Our 3 business users are complaining on a daily basis the VPN tunnel back to the office is very slow compared to the previous VPN solution which both traverses on the same firewall and same internet pipe bandwidth, which is 1.00Gbps so we know there is plenty of bandwidth. When we do a simple file transfer from the GlobalProtect client to an internal Windows File Server, the transfer of a 4.0 Gb is painfully slow to 3kpbs where when we perform the same test over the previous VPN is a heck of lot faster, way faster. I have a ticket opened with PaloAlto Support, but man I must say, they are useless, NOT happy at all with their lack of response back and forth. I am hoping someone here can assist me. Frustrating to say the least. Thanks everyone.
12-18-2020 07:00 AM
If the traffic via DirectAccess to the server passes the firewall without inspection, you could disable inspection via GlobalProtect as well to compare the performance. Consider to enable inspection after your tests.
Another parameter which is worth being checked is the MTU. Set the MTU on the tunnel interface (where GP terminates) to 1300.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!