Palo Alto: Poor IPSEC VPN throughput We have a pair of PA's terminating a couple of s2s vpn's and acting as globalprotect gateways. We've had numerous reports of poor GP performance.
ASR1002 platform limitation with IPSec, Netflow, NBAR - Cisco Nov 02, 2016 FortiGate 100F Series Data Sheet IPsec VPN Throughput (512 byte) 1 11.5 Gbps Gateway-to-Gateway IPsec VPN Tunnels 2,500 Client-to-Gateway IPsec VPN Tunnels 16,000 SSL-VPN Throughput 1 Gbps Concurrent SSL-VPN Users (Recommended Maximum, Tunnel Mode) 500 SSL Inspection Throughput (IPS, avg. HTTPS) 3 1 Gbps SSL Inspection CPS (IPS, avg. HTTPS) 3 1,800 SSL Inspection Concurrent
IPsec VPN Throughput (512 byte) 1 6.5 Gbps 4 Gbps 11.5 Gbps 7.2 Gbps 20 Gbps IPS Throughput (Enterprise Mix) 2 1.4 Gbps 500 Mbps 2.6 Gbps 2.2 Gbps 7.8 Gbps NGFW Throughput (Enterprise Mix) 2, 4 1 Gbps 360 Mbps 1.6 Gbps 1.8 Gbps 6 Gbps Threat Protection Throughput (Ent. Mix) 2, 5 900 Mbps 250 Mbps 1 Gbps 1.2 Gbps 5 Gbps
Those speeds will likely overrun my checkpoint boxes on VPN transfers and I'm also looking at FIOS Gig which is available. Very few hardware vendors have boxes for gig, especially when I'm looking at ipsec/vpn throughput. Saying I'll get 480mbps vpn is total defeat on a gig line. I'd like to see the vpn speed match the line speed.
PA-220R Firewall . 500 Mbps firewall throughput 1; 150 Mbps Threat Prevention throughput 2; 100 Mbps IPsec VPN throughput; 64,000 max sessions; 4,200 new sessions per second 3; 1,000 IPsec VPN tunnels/tunnel interfaces
IPSEC VPN throughput Posted a similar question to r/fortinet but thought maybe other recommendations would be warranted. We're an acute-care hospital - around 90 beds.; probably around 600 guest users (employee phones, patient phones, etc), another 200 private-wireless/wired users, and … Best Practice - VPN Performance Testing | Barracuda Campus Mar 19, 2019 Set MTU in VPN environment in case of throughput issues