Help me come to grips with this. I recently enabled IPSec on our PAN for end user VPNs. I did it primarily to hopefully get improved VoIP performance, less jitter, and perhaps a marginal speed improvement. What I have found is an almost across-the-board doubling of download speeds. If you consider that most of my users are on regular consumer Xfinity cable links, when using SSL their speed test would average around 15 - 20Mbps. Switching to IPSec changes that to 30 - 50Mbps pretty reliably. Happy, but not what I was expecting, and I am trying to understand where the bottleneck is in SSL. Both data and management CPUs are running mostly below the 20s and haven't noticeably changed after moving to IPSec. I know that IPSec has lower overhead, quicker connection establishment and doesn't suffer from the TCP inside TCP that SSL (TLS) has, but I wasn't expecting this big of a difference. I am left thinking the bottleneck is in the encryption methods either on the firewall or in the GlobalProtect client. PanOS 9.1.4, GlobalProtect 5.2.3. Thoughts?
I need to have my IPSec tunnel initiate from a specific IP address on my outside interface. In the IKE gateway | local IP address field I can only select the outside interface IP/subnet, and then the tunnel uses that default interface IP as the source. My outside interface has a whole subnet of IP addresses and I want to use a specific one, not the default one assigned to the interface. I can't figure out how to get my IPSec tunnel to use the specific outside IP I want it to. The remote site is expecting the connection from this specific IP, not the default interface IP.