I have been doing some more testing on this and I do not think QoS may not be the solution. I haven't had to apply any QoS to other global protect deployments. I tested with another SSL VPN solution "SoftEther VPN" which is no longer in development, but is fine to use in a test. I thought this would be a good test of QoS, as surely this SSL VPN would suffer the same issues. I did smiliar test with the Softether VPN so moving big files from my laptop, downloading and streaming video. Here is the results from my tests: No VPN: Download 62 Mbps Upload 18.5 Mbps SoftEther: Download 59.6 Mbps Upload 15.9 Mbps Global Protect: Download: 35 Mbps Upload 16 Mbps As you can see, the upload seems fairly good, as it always has, but the download is quite significant. Around 3.8% overhead on the SoftEther connection, which I'd expect as normal overhead for a VPN. However, the Global protect shows around 43.5% losses / overhead, which seems high. Any file transfer, downloads and video streaming with SoftEther VPN remians steady with no drops, and no large difference between ethernet speed and PANGP adapter and it is not having any retransmission problem either. With this info do yout think we still need to implement QoS on the firewall? I have come across the following info with regards to speeds of SSL VPN: https://live.paloaltonetworks.com/t5/Learning-Articles/Why-is-GlobalProtect-Slower-on-SSL-VPN-Compared-to-IPsec-VPN/ta-p/61920 Would like to know your thoughts on this inlight of the above info.
... View more