Certainly, I can see slowness when there are peaks in bandwidth usage, but I also see slowness that doesn't correspond to any bandwidth usage. Like the OP, the overall bandwidth usage doesn't explain all of the issues). On my production system, I will have stretches where I can get 50-70 mbps, but this will frequently drop down to the 2-10 mbps range (for minutes at a time). My assumption is that this is some internal tuning limitations that we can't see. I can do testing outside GlobalProtect (static NAT) and pretty consistently get 940 mbps. I don't see a significant CPU load on the firewall at either point. I can open a second SSL VPN connection from a different computer and simultaneously get another 50-70 mbps without impacting the first session. In my testing I can never average more than 50-70 mbps GlobalProtect SSL VPN connection (dedicated 3020 firewall with just me, dedicated 1 Gbps internet link on both sides for just me, 30ms latency, no inspection or app-id, no QoS, iperf3). I've read tons of these posts on the forums, but rarely see anyone discuss what we should expect. I've also heard similar complaints from other Palo customers who blame the issue on globalprotect, but I'm not sure if there is truth to that, so I don't want to assumeįor the guys that have replied, I'm curious what kind of performance you see on your GlobalProtect sessions? I think it might be helpful to set a baseline when talking about GlobalProtect performance. Would Globalprotect share the 500Mbps throughput with those Site-to-Site VPNs too, or is that 500Mbps per tunnel interface? The firewall also has some site-to-site VPNs too. Assuming my understanding is correct, those 100 users are going to be sharing the 500 Mbps throughput? Plus the profiles attached to the security policy rules (av, threat, url, decryption) add some overhead, I'm not entirely sure how much that would impact though. There are over 100 users connecting to globalprotect during peak times. When I check the specs, I see max IPsec throughput is 500Mbps. I don't want to jump to conclusions but I believe the issue is inadequate hardware. When I attempt from a speed test site, I get a little over 100Mbps off the network but around 20Mbps when I'm on GlobalProtect. They get speed tests between 3mbps - 20mbps. Users are complaining about very slow connections from globalprotect. I recently started a new job and have been thrown right into the fire.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |