We have a customer who just spent $5000 on a TZ670 and is experiencing dreadful SSL VPN performance (20Mbps over 1Gb symmetrical fiber).
I’ve been reading this is kinda normal for SonicWall, but apparently there is a new protocol called WireGuard that is being included with the SMA appliances in preview. According to the thread I linked, it provides much better throughput. Is this available/coming soon for the TZ series as well?
Op I would have a look at the slow VPN sonicwall windows 10 fix. Registry key. That doesn’t seem like reasonable performance
What type of device are they using the ssl vpn on? There are a few wireless adapters that when combined with the ssl or global vpn client will cause traffic to slow way way down.
Define performance. If they’re using SMB to manipulate files over that connection, it’s always going to perform poorly.
Hi u/Happy_Harry
It just for SMA and CLOUD EDGE SECURE ACCESS.
https://www.sonicwall.com/search/#q=wireguard&t=Support&sort=relevancy&f:@language=[English]
There is a reason they don’t publish SSL VPN throughput.
Whatever you do, do NOT ask them to demo Cloud Edge. They tried that with us, and it was laughable at best. Trash. Too bad they didn’t work on improving their existing portfolio and gave Perimeter 81 $10 Million in funding. Just think - they could have actually fixed something with that kind of money. Who made that stupid decision?
I did some quick Googling but I can’t find what you’re referring to. Do you mean the VPN windows 10 issue from the January update? I didn’t think SSL VPNs were affected by that; just L2TP.
They’ve tried it on multiple Windows devices with the same result.
I haven’t had a chance to test it myself, but I’m guessing it was SMB file copy speed. The customer’s internal IT was comparing to the performance of their old Watchguard SSL VPN which uses OpenVPN.
Supposedly the Watchguard performed much better.
I just got off the phone with the customer. He says he tried setting it up as a full tunnel VPN and internet speed tests max out at 35Mbps. So it is not just SMB; it seems to be everything.
SonicWall support supposedly also told him that’s normal and the most they can expect to get.
“If your Wi-Fi is going very slow (under 1 Mbps), you might think you have an issue with the adapter. But recently, I’ve found out that if you have SonicWall Global VPN client open on your computer, your speed will drop to around 1 Mbps even if you’re not connected.”
https://asksuler.com/knowledge-base/wi-fi-adapter-slow-while-using-sonicwall-global-vpn/
Try that - the issue caused by one computer will impact all users on the network.
Yeah, that sounds about right, unfortunately. SMB is usually the worst impacted protocol but nothing is particularly good. I wonder if a SMA would be performant but also hate to spend without a guarantee. Could always spin up a virtual one on a trial I’d assume?