Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Performance tuning for SSLVPN

ArkwrightArkwright All-Knowing Sage ✭✭✭✭

Anyone got any tips for tuning SSLVPN performance when you have large numbers of users? There don't really seem to be many parameters we can tweak here, unfortunately.

We are finding that going over 50-60 SSLVPN sessions on a 5650 and the stability of sessions is degrading. Users reporting random dropouts, but we cannot see any issue with either WAN connection on the firewall or with the user's WAN connection. We are reasonably sure that performance was acceptable when session count was <50.

Category: Mid Range Firewalls
Reply
Tagged:

Best Answer

  • CORRECT ANSWER
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭
    Answer ✓

    Yes, security services were on the SSLVPN zone, turned this off. Didn't help.

    Raised a ticket with support. Suggestion was to connect serial consoles and wait for issue to recur and then we'd get some output. We did this and there wasn't any. Updated firmware to 6.5.4.11, no different. Much uploading of TSRs, tracelogs, logs, etc to ticket.

    Three weeks after raising the ticket, I rang support and got lucky. Within 10 minutes he's found a hotfix for this issue [6.5.4.11-97n--HFGEN6-2333-4n] that was also reported by another customer. So that's been on for 24h now and so far it's been OK. The issue doesn't happen every day though, so I don't want to declare this fixed until we've gone 7d without drops.

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    I've seen similar degradation on a 3650 with similar numbers of SSLVPN users during peak COVID.

    How are the components of 5650 handling that many users (CPU / RAM usage)? Are you running any security services? Usual stuff.

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Don't you love it! Thanks for following up with the hotfix info.

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    No drops for a week, hotfix fixed it.

Sign In or Register to comment.