SSLVPN way too slow!
I've been supporting SonicWall for our customers since 2002, so I know the basics ;-)
I tried everything I could find in the knowledge base and the forums, and I have no idea why SSLVPN is so slow. I opened a ticket with SonicWall support (#44061153) and the support technician told me that I've configured everything correctly and that SSLVPN simply isn't faster! I can't believe I only get 64 MBit/s on a 1000 MBit/s connection!
To avoid the "SMB over WAN connections" problems, I did all my testing with FTP. The customer has a symmetrical 1000 MBit/s fibre connection and a TZ500. At my end I have a 1000/50 MBit/s connection. I did all my testing on a Mac with "Mobile Connect" and on a PC with NetExtender. Everything (firmware, operating systems, client software) on both ends is up to date.
First I opened the FTP ports WAN->LAN for a few minutes and downloaded a huge file from the customer to my computers. I got a download speed of about 170 MBit/s. Not really fast on a 1000 MBit/s connection, but this is what the connection is able to do.
Then I closed the WAN->LAN ports again, connected with the SSLVPN client and downloaded the same file over the same connection to the same computers: 64 MBit/s (same speed on Mac and PC). Why is it so slow?
The SonicWall support technician told me that SSLVPN uses encryption and that the TZ500 only uses a single core for this. I checked the load on the TZ500 CPU cores and I never got more than 30%. So this can't be the reason.
I did these tests late in the evening and I was the only one connected to the TZ500 at that time. I also did speedtests from a PC at the customer and from my computers and always got the full speed of the internet connections.
Then I repeated the tests with several of my other customers. Of course the download rates are not comparable, but they were also way too slow. What is going on, SonicWall?
Answers
Tallies with my experience, unfortunately. Encapsulating everything in TCP is not a great place to start from for performance, and even the slightest packet loss will degrade it even further.
Did you enable TCP Stream on GAV and other security services?
Please check TCP stream and BW management (Global settings, Access Rule settings, Interface Settings); maybe it could be a kb to Gb conversion problem.
Disable security services on SSL-VPN zones for a test.
I am having a similar issue with the throughput on SSLVPN. When testing throughput, I have an average of 10 - 20 Mbps while on SSLVPN. I have worked with support and created rules to drop UDP traffic. It has been explained to me that this is because all UDP traffic is appended to a single CPU on the nsa3600. I performed the same exact test on the same server using L2TP and got an average of 100 Mbps. The L2TP connection does not cause RDP sessions to disconnect and provides a better result for the end user.
Latest firmware
Rules in place to drop UDP traffic
Latest NetExtender version (10.2.331)
Unlimited bandwidth on SSLVPN WAN interface
Turned off 2FA
Set RAS services to auto
Any ideas on how to resolve this? Support seems to be struggling and I have come across many articles but have not found a resolution to the issue!