SSL VPN Slowness (WatchGuard M370)
I am experiencing significant slowness with my SSL VPN configured on the WatchGuard M370 model with firmware version 12.8.B659436. The VPN is configured with the Force All Client Traffic Through Tunnel option enabled, as the company needs to ensure all traffic goes through the company’s public IP for communication with banking systems.
The company’s internet link is stable, but the VPN is limiting the speed, reaching only 4 Mbps, while the available link is significantly faster.
I’ve tried adjusting the MTU and prioritizing VPN traffic, but haven’t seen significant improvements. I’d appreciate any recommendations on how to improve VPN performance or adjust WatchGuard M370 settings to avoid this slowness, considering the need to communicate with banking systems via the public IP.
Thanks in advance for any help or suggestions!
Comments
Exactly what kind of traffic is slow?
Where did you adjust the MTU?
You can switch to using a UDP port instead of TCP for the Data Channel, which can help improve the speed.
Manually Configure the Firebox for Mobile VPN with SSL
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/configure_fb_for_mvpn_ssl_c.html
If you use the Access Portal, note that the Access Portal shares some settings with the SSLVPN settings.
See the Access Portal section, here:
Shared Settings and Policy
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/access portal/shared-settings-policies.html
We spun up an OpenConnect server and are using UDP. We split our users between the 2 VPNs due to Cisco AnyConnect licenses being more expensive than AuthPoint.
Hi @Tinelo
The SSLVPN is the least performant of the VPN options, but is the most compatible.
If your clients support IKEv2, please try that option.
Without any information about what kind of traffic you're sending across the VPN tunnel, and what kind of latency we're dealing with between endpoints, it'll be difficult to suggest anything that might help you achieve better speeds aside from using a different VPN. It may be helpful to upgrade to the latest version of Fireware and the new SSLVPN client, but that will simply provide newer TAP drivers for the VPN along with a few other bug fixes -- I don't expect it'd make a huge difference.
If you'd like to look into your speed issues, please consider creating a support case. You can do so via the support center link at the top right of this page.
If you open a case, the following info may be helpful:
-What kind of data are you moving?
-How large is it?
-What protocol is it using? (SMB/windows file shares, FTP, HTTP, etc)
-What are the upload/download bandwidth speeds on both sides of the tunnel?
-What kind of latency do you see between the firewall and the client on the inside and outside of the tunnel? (You can use ping to determine this.)
-James Carson
WatchGuard Customer Support