Severe download speed degradation with Radius tunnelall VPN connection normal?
I just completed a Radius VPN connection to my TZ270 unit. I know the merits of split tunnel routing, but want to use tunnelall, due to international needs. But while the connection is functional, the falloff in download speed is huge, whereas the upload speed isn't impacted. Here's a comparison of the speed results using a regular connection vs. a Radius tunnelall VPN connection.
With my previous Sonicwall (NSA 250), I consistently had download speeds above 4 mbps. Is this falloff to be expected with a tunnelall Radius VPN connection? Does anyone have (or can try) a similar connection that doesn't exhibit this huge a drop-off?
Best Answer
Jeff_L Newbie ✭
I had an extended remote session with a Sonicwall technician, and I now have the answer: A TunnelAll connection for this unit really IS this lousy -- there's no hope for improvement over the second test above. I was expecting the usual dropoff in download speed using VPN, but not to THIS extent. Even a machine with a download speed of over 80 mbps drops to less than 2 with the connection. Split tunnel is the ONLY real VPN option with this firewall. If you're looking for VPN that will allow you to traverse international borders, know that this isn't what you're looking for.
I neglected to mention that this is a NetExtender connection to a Windows 10 machine. This has been tested on several such machines, and the degradation has been consistent between them.
You have also neglected to tell us the firmware version of the firewall.
You have to consider what you are doing with the traffic as well, as the 270 is the lowest of the low end. If you are utilizing any of the UTM features, I can see how the performance is that degraded.
It's not that it won't allow you to use VPN to traverse borders, it's that you have to know what you are doing with it.
This is an older chain, but I am leaving this for others who might search for it later. The firmware in the Gen7 TZ270 (and others) is pretty buggy in my experience prior to 7.0.1-5030-R2007.
Also, the configs have not always been stable upgrading from old versions of Gen7 SonicOS to the current version so I make sure I have documented the config and factory reset it after upgrading the firmware. From that point with a clean config manually entered I have MUCH better luck. This is contrary to Level 1 Tech Support, but lines up with Level 2+ staff opinions.
I am confused by the comments from @TKWITS with regard to the TZ270. That is an incredibly fast firewall (for a Sonicwall) and several times faster than any of the previous generations anywhere near that price point. It is not even a close race, as the TZ270 is roughly equal to the TZ400 and faster at nearly everything smaller than the TZ400 like the TZ350, TZ300, SOHO 250, etc.
I usually cut the advertised numbers in half or thirds to help eliminate the marketing imaginary performance (who makes this stuff up?), but still the TZ270 is far and away a better hardware platform. They will NOT make these numbers in any generation with the normal best practice licensed security features enabled and properly tuned for the real world installations, but I find the relative numbers between models to be close enough if they are all assumed to be 2x or 3x of an exaggeration.
Compare these numbers:
To these...
Enjoy and good luck.