01-29-2021 02:11 PM
Help me come to grips with this. I recently enabled IPSec on our PAN for end user VPN's. I did it primarily to hopefully get improved VoIP performance, less jitter, and perhaps a marginal speed improvement. What I have found is an almost across the board doubling of download speeds.
If you consider that most of my users are on regular consumer Xfinity cable links when using SSL their speed test would average around 15 - 20Mbps. Switching to IPSec changes that to 30 - 50Mbps pretty reliably. Happy, but not what I was expecting and I am trying to understand where the bottleneck is in SSL?
Both data and management CPU's are running mostly below the 20's and haven't noticeably changed after moving to IPSec. I know that IPSec has lower overhead, quicker connection establishment and doesn't suffer from the TCP inside TCP that SSL (TLS) has but I wasn't expecting this big of a difference. I am left thinking the bottleneck is in the encryption methods either on the firewall or in the GlobalProtect client.
PanOS 9.1.4, GlobalProtect 5.2.3
Thoughts?
