CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Page 2 of 2 FirstFirst 12
Results 21 to 23 of 23

Thread: VPN Remote User with timeouts and low performance

  1. #21
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,639
    Rep Power
    9

    Default Re: VPN Remote User with timeouts and low performance

    sk107433 explains that nat_t is just what it sounds like, esp over udp.

    visitor mode forces the client to use https as a transport instead of nat_t.

    This is still very puzzling that nat_t would perform so bad compared to visitor mode. My first reaction would be nat_t is causing ip frags would would could explain slow ftp but i don't think it would explain %50 ping packet lose since that should fit fine inside a single packet and thus not require fragmentation i would expect.

    Packet captures between client and firewall, firewall and ftp server might turn up something interesting, but i'm sure since its working just call it a day and move on.

  2. #22
    Join Date
    2012-06-13
    Posts
    368
    Rep Power
    7

    Default Re: VPN Remote User with timeouts and low performance

    Quote Originally Posted by marco_d View Post
    Hello all,

    the problem is solved. We changed the transport mode with GuiDBedit to visitor mode. Before was auto detect configured. The timeouts are gone and now we have much more throughput on the
    remote connection.

    Thanks for all the help.

    Marco

    Hello,

    Would you mind sharing the exact entries changed? I think I am facing the same issue.

  3. #23
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,234
    Rep Power
    13

    Default Re: VPN Remote User with timeouts and low performance

    Quote Originally Posted by blason View Post
    Hello,

    Would you mind sharing the exact entries changed? I think I am facing the same issue.
    sk107433: How to change transport method with Endpoint Clients
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

Page 2 of 2 FirstFirst 12

Similar Threads

  1. tunneling all remote VPN user traffic through edge
    By lucid in forum Check Point UTM-1 Edge Appliances
    Replies: 1
    Last Post: 2010-10-25, 07:01
  2. max remote access user with R65 on HP380 G5
    By suber in forum SecureClient/SecuRemote
    Replies: 1
    Last Post: 2009-09-09, 11:51
  3. Remote user to External Lan/Site
    By jasomo in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 0
    Last Post: 2009-06-04, 11:39
  4. Remote VPN User cannot connect to distant network
    By hotice_ in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 8
    Last Post: 2008-02-12, 14:54
  5. Issues with Remote User Access?
    By PuRowdy in forum Check Point UTM-1 Edge Appliances
    Replies: 1
    Last Post: 2006-08-09, 00:00

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •