Performance related issues are not easy to troubleshoot. General issues, limitations and recommendations The primary reason is that the throughput depends on several factors and each setup is different. It will be difficult to give numbers on the expected throughput difference between GlobalProtect client versus non-GlobalProtect client scenarios. TCP inside TCP encapsulation (no control over underlying TCP layer).Time needed for the operation depends on the current client/firewall load.Both the client and the firewall have to encrypt/decrypt and encapsulate/decapsulate traffic, which will introduce processing delays.It is expected for the throughput to be slower when the GlobalProtect client is being used as opposed to non-VPN or direct connection. GlobalProtect client-related issues (i.e., slow throughput when using GlobalProtect client) That is the main reason why we would recommend, if you're experiencing slow throughput (when using SSL), to migrate to IPsec whenever possible.īelow are a few ideas/suggestions/limitations regarding this topic. What that means is that the GlobalProtect (GP) client and/or firewall doesn't have control over the underlying TCP layer (error detection, flow control, congestion control), which is slowing down the throughput.
#Palo alto globalprotect download how to
Here is some great information on how to troubleshoot performance related to GlobalProtect.įirst of all, please bear in mind that SSL VPN is not designed to be efficient (it is best effort and not designed for high throughput) mostly because it's TCP-based (TCP inside of TCP). Palo Alto Networks understands that with an increased remote workforce, there is the possibility of performance issues in your network with GlobalProtect.