Hi I recently migrated from the UTM series to the new XGS 3300 line. I currently have re-established a site-to-site tunnel between my branch and head office sites. I am experiencing very poor VPN tunnel speeds. My head office has a 2.5Gb fibre connection while my branch office has a 100Mb connection.
I was getting very decent connection speeds back on the UTM series, however now with the migration of both sides have started to experience slow speeds. Initially I had left everything as default, so IPsec tunnel acceleration was enabled by default, which appeared to work and transfer speeds were great. However on large transfers it appears to stall half way and go from seconds to hours of transfer times. After I disabled IPsec tunnel acceleration, my throughput between sites was drastically reduced and I have not gotten above ~1MB/s transfer speeds (or ~8Mbps), however large files were now transferring fully.
Both sides have the same settings for IPsec profile:
IKEv2
Phase 1
- Key Life: 28800
- Re-Key: 540
- DH Group: 15
- Encrypt: AES256
- Auth: SHA2 256
Phase 2
- PFS Group: Same as Phase 1
- Key Life: 6000
- Encrypt: AES 256
- Auth: SHA2 512
What can I adjust or look at to improve this performance?
This thread was automatically locked due to age.
