In reply to BAlfson:
In reply to ThomasBall:
It would be helpful if someone could tell us their experience with the performance of SSL versus IPSEC Site-to-Site VPN.
I currently have the feeling that SSL does not have great performance compared to IPSEC.
Thanks,
Klaus
In reply to KlausHahn:
Now the Community knows that performance depends on several things.
If you really want the SSL VPN to be slow, use the TCP protocol and a 4096 key length.
If you want to get the best performance you can from IPsec, get a device with a CPU that supports AES-NI and use a Policy like:
Cheers - Bob
Thank you for the Feedback Bob.
Maybe my spelling was a bit wrong. I have two UTMs and I want to have the best possible Site 2 Site VPN between them in terms of performance / speed.
My experience was that SSL VPN between two UTMs does not have that great performance. So the idea was to switch to IPSEC. Before switching I just wanted to know if IPSEC will have more speed between two UTMs.
Thanks,
Klaus
Yes, Klaus, using the IPsec Policy I recommended above will be faster than the SSL VPN Site-to-Site. If you don't have a CPU that supports AES-NI, use "AES 128 (128 bit)" for the encryption algorithm.
What devices do you have running UTM?
How are you measuring the performance and what were your results with the SSL VPN and then with IPsec?
I have an SG115 on one side and an ASG320 on the other.
I just tested your recommended policy with AES 128 on IPSEC and the speed I'm getting was around 1MB/s. With SSL I was getting between 6 and 12 MB/s.
Testing with a standard SMB copy of a 100GB file.
Seems like SSL is truly better performing between these two UTMs.
By the way.. On the data sheet on both devices it will tell you Throughput details for VPN.
UTM 320 = 80MB/s
SG 115 = 42,5MB/s
Not sure if this is only theoretical data...
I would have expected a much faster connection, Klaus. What happens if you copy directly from one device to the other instead of using a file share? I would try this using RDP.
You might be interested in reading Slow large file copies via file-share, but fast if using http (both with IPSEC VPN) from a couple years ago. Let us know if you try any of the suggestions in the various posts and what you end up with.