SSLVPN / Net Extender on 6.5.4.12-101n
aaronatcoverdesk
Newbie ✭
Hi,
Our NSA2650 was experiencing CPU issues and tech support advised that we need to upgrade to the latest version to continue getting support. We rely heavily on our VPN both IPSEC and client and the previous versions all had known issues attached to them. Currently, our global client VPN speeds are good, but we prefer the SSLVPN because of its built in MFA support. We have an open support ticket already, but I thought I would post it here. We run SSLVPN in tunnel all mode and have noticed a degradation in speeds since upgrading firmware to the latest versions. The speeds have never been great maybe 20x10 on a 1gig connection, but now they are 2x2 across the board. Has anyone experienced this?
Category: Mid Range Firewalls
Tagged:
0
Answers
SSLVPN performance has never been great but what you describe is particularly poor. How many users do you have?
You can do MFA with Global VPN but AFAIK it can only be RADIUS-based which limits your options.
I've been told by sonicwall that we have a lot of users, but this problem can be replicated on Sunday night when we have no one working. In contrast, we can get incredible speeds (70x70) out of the GCVPN when we are at full load during our busiest part of the day. I think its related to the new firmware but Sonicwall support says its expected behavior and won't get escalated.
Hash tag boundless! If you can demonstrate the issue with just a single user connected then that's a pretty poor response from support, IMO.
SSLVPN performance unfortunately has regularly degraded over the years. Make sure youre running at least version 8.266 of NetExtender.
It's surprising because they went from their own underlying stack to the 'open' WireGuard stack, which many other companies use and don't have the performance problems with it.