View Full Version : QOS and IP Compression

2006-05-12, 18:11

I have enabled Floodgate Qos and IP compression and now the VPN runs very slow. Does anyone know anything about this?

2006-05-13, 21:45
What versions of FW-1 are on each end? What HFA as well?

What encryption are you using for the VPN? If DES/3DES, do you have hardware crypto acceleration cards on each end?

What are the hardware specs on each side?

Have you implemented any Floodgate-1 rules or are you just running on the default rule for now?

If you're running a low-end box, enabling Floodgate-1 can take up a lot of memory and cause overall performance issues. If you have a low-end box or are low on memory, there's a package you can install that forces Floodgate-1 into simplified mode (not sure if that's the exact name). It lets you use the features most people want and disables the complicated features most people probably aren't going to use anyway. This mode greatly reduces the amount of memory Floodgate-1 uses.


2006-05-14, 14:57

NGX R60 SPLAT on both ends HFA2
Dell SC420
1GB Mem
P4 2.8HT
2 Dual Intel MT NIC

AES/3DES encryption

I am just using a default rule for now

2006-05-14, 16:40
I assume by your first message, that before you turned on FG-1 performance was better. Have you tried to up the allocation for IPSec connections?

2006-05-14, 19:41
I haven't made the jump to NGX yet, but as it's coming up on one year old, I'll do so this summer.

I'm running a trans-Atlantic VPN between two R55 gateways with QoS on my end but not on theirs. They're using Express R55P on IPSO 3.8 while I'm using R55 HFA17 on IPSO 3.9 on my side. Their box is an IP380 while mine is an IP530 (700 MHz, P-III, 1 GB of RAM). Not using DES or 3DES at all, just AES-256/SHA-1.

The thing whizzes along. When our employees are in the UK, they can plug in and log into the domain here and access all resources and it's just as fast as when they're in by SecureClient in the US. Compresion is enabled on both ends.

Not sure what to tell you.