Performance tuning for SSLVPN
Anyone got any tips for tuning SSLVPN performance when you have large numbers of users? There don't really seem to be many parameters we can tweak here, unfortunately.
We are finding that going over 50-60 SSLVPN sessions on a 5650 and the stability of sessions is degrading. Users reporting random dropouts, but we cannot see any issue with either WAN connection on the firewall or with the user's WAN connection. We are reasonably sure that performance was acceptable when session count was <50.
Arkwright Cybersecurity Overlord ✭✭✭
Yes, security services were on the SSLVPN zone, turned this off. Didn't help.
Raised a ticket with support. Suggestion was to connect serial consoles and wait for issue to recur and then we'd get some output. We did this and there wasn't any. Updated firmware to 126.96.36.199, no different. Much uploading of TSRs, tracelogs, logs, etc to ticket.
Three weeks after raising the ticket, I rang support and got lucky. Within 10 minutes he's found a hotfix for this issue [188.8.131.52-97n--HFGEN6-2333-4n] that was also reported by another customer. So that's been on for 24h now and so far it's been OK. The issue doesn't happen every day though, so I don't want to declare this fixed until we've gone 7d without drops.0
I've seen similar degradation on a 3650 with similar numbers of SSLVPN users during peak COVID.
How are the components of 5650 handling that many users (CPU / RAM usage)? Are you running any security services? Usual stuff.
Don't you love it! Thanks for following up with the hotfix info.
No drops for a week, hotfix fixed it.