NetExtender can't exceed 1mbps or so on TZ400 per connection

Any idea what could be wrong?

It isn’t the bandwidth on the interfaces; I set them to 1000000kbps and then turned BWM back off. Went through all the access rules and assigned a bandwidth object with 5mbps min - 1000mbps; it didn’t affect anything.

The Firewall is on 200/200 fiber.

It has always performed this badly but after doing some reading this is apparently not correct at all… as some people are saying they are getting more performance than that…

Firmware updated recently, SonicOS Enhanced 6.5.4.6-79n, and the version of NetExtender has no effect (we have clients running 7 through version 10; most are on version 10). Usually only a handful of clients are connected, maybe 5 max of 17.

Back in my day we were happy with 128kbps ISDN

I had this exact issue. It’s possibly your MTU. If your MTU is set to 1500, the VPN then encapsulates the packet and makes it much bigger. The Sonicwall has to defrag and reassemble every packet going over the interface - which slows everything right down. Find the true MTU over the VPN connection; you can use the following guide:

https://www.tp-link.com/ca/support/faq/190/

And then set a computer behind the Sonicwall to that MTU and do a speed test. If you’re happy with the speed, set your servers to use that MTU and you’ll be good.

You only need to set your servers and not the whole network because the servers are usually a destination on VPN. Regular LAN traffic going out to the Internet is unaffected by VPN encapsulation. Your internal users won’t notice the smaller server MTU on Gb LAN.
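The MTU search suggested in the reply above, as an added example that is not part of the original thread: it sends single pings with Don't Fragment set and binary-searches the largest payload that still gets a reply. The function names, the 548 to 1472 byte search range and the `192.0.2.10` target are assumptions for illustration, and the non-Windows branch assumes Linux iputils `ping`.

```python
import platform
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_df(host, payload, timeout_s=2):
    """Send one echo request of `payload` bytes with Don't Fragment set.

    Returns True only if an echo reply came back.
    """
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload),
               "-w", str(timeout_s * 1000), host]
    else:  # Linux iputils ping
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload),
               "-W", str(timeout_s), host]
    try:
        result = subprocess.run(cmd, capture_output=True, text=True,
                                timeout=timeout_s + 3)
    except subprocess.TimeoutExpired:
        return False
    # Heuristic: a real echo reply line contains "ttl="; the exit code alone
    # is not relied on, since error replies are reported differently per OS.
    return result.returncode == 0 and "ttl=" in result.stdout.lower()


def find_path_mtu(probe, low=548, high=1472):
    """Binary-search the largest payload for which probe(payload) is True.

    Returns the matching MTU (payload + 28), or None if even `low` fails,
    for example when ICMP is filtered and nothing can be concluded.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low + IP_ICMP_OVERHEAD


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; pass a host behind the VPN.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    mtu = find_path_mtu(lambda size: ping_df(target, size))
    print(f"largest unfragmented MTU to {target}: {mtu}")
```

Run it once with the tunnel connected, against a host reached through the VPN, and once against a host on the plain WAN path to compare the two results.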

http://asksuler.com/knowledge-base/wi-fi-adapter-slow-while-using-sonicwall-global-vpn/

Follow the instructions in the linked article.

I have a very similar issue with my NetExtender. GVC gets 25mbps, NetExtender gets 700kbps max.

You could try Disable-NetAdapterRsc. This ‘fix’ sometimes works for me for GVC issues, never tried with NetExtender though:
https://docs.microsoft.com/en-us/powershell/module/netadapter/disable-netadapterrsc?view=windowsserver2019-ps

I have the same issue with a SMA500v + NSA4600. NetExtender is awfully slow (1mbps). Our WAN MTU is on 1500 too. I asked our ISP and did some tests with ICMP and this is the correct value for us.

This issue has persisted since I started testing SSLVPN like 9 weeks ago. Support couldn’t help me until now. This is the only reason we are not implementing this. I’m really annoyed.

MTU on wan interface is 1435, that is an aspect I had not considered and had only set the MTU on the firewall itself.

Set MTU to 1400, no difference… I tested earlier and could ping up to 1472 so … I don’t think it is an MTU issue.

This may help, but Netextender is a SSLVPN client, not the GVC.

Which adapter do you use that on?

Just FYI I also have no issue using other VPN appliances (MikroTik or Ubiquiti with L2TP etc…) And our site to site VPNs with the TZ400 work fine. So… I don’t think it is the ISP doing anything screwy either.

Anyway if it was my choice we’d abandon NetExtender and just use L2TP with the built in client which is what I use to VPN to my house when I’m away… works great and can max out my upload from my house with little overhead.

I’ll read through that but the vpn is the only thing slow…the lan is normal.

I just used this technote - on the WIFI driver and on GVC only : https://www.sonicwall.com/support/knowledge-base/gvc-degraded-internet-throughput-from-local-isp-even-though-connected-in-split-tunnel/200423032255090/

And this is why I can tell you’re pretty fresh or don’t know anything. L2TP is your preference lol.

I have deployed this solution numerous times in both ssl and gvc scenarios with positive results. It’s worth a shot.

L2TP is preferable to the sonicwall… SSLVPN , which is in fact probably one of the worst VPNs ever performance wise and frankly who knows if it is secure… stop being a D on the internet.

Another thing I suspect is that it probably hasn’t had a fresh reset of all its settings since whatever the original firmware was… So that might be something I try at some point.

Lol, you started it with “you must be so smart” comment.

You’ve unraveled since. Pure comedy.

“Who knows if SSL VPN is secure?”

Lolol

The point is their SSL VPN is infrequently updated… so yeah the assumption is that it isn’t secure. Quit being a jerk.

Also not everybody needs actual security… sometimes you just need a Masterlock class VPN for sites that frankly aren’t even important enough to get attacked.

Please, I need more flawed logic, can you provide more?

If you didn’t want me to be a jerk then why were you sarcastic and rude? Yet still confidently incorrect. This is enjoyable. You must be new to IT.