Hi All
Thanks to your posts here, our firewall is working fine.
I work at a company using the Sonicwall NSa3700.
We did a recent update to the firewall firmware, version 7.1.1, but we’re having issues.
When we use SSL-VPN, Internet speed super slows down a lot or disconnects.
Can you help me figure out what might be wrong?
I’m new to this and would really appreciate your assistance.
get-netadapterrsc
disable-netadapterrsc -name “devicename”
usually it’s “wi-fi”
get-netadapterrsc
disable-netadapterrsc -name wi-fi
This can be a number of things.
First some clarification is needed. When you say internet speeds slow down are you talking egress traffic from LAN to WAN when someone is on the SSL VPN, or are you saying that a remote device when connected through the SSL VPN is experiencing slow internet speeds?
Thanks
Was it working fine before the update?
It sounds like you have Tunnel All Mode enabled, which will significantly slow down internet speeds on client devices when connected.
Here’s a link that shows how to turn it on and configure it, so you could do the reverse to turn if off (if you don’t want / need it on)
How can I allow SSLVPN users access to the Internet when using tunnel all mode? | SonicWall
I’m proceeding with the test as you told me.
I’ll let you know if this works. Of course, I firmly believe you let me know because you’ve worked with this command.
When a company employee connects to an SSL VPN, the Internet slows down rapidly on that device.
I’m testing one employee with the command you told me in the comments above.
Tunnel All Mode is enabled in our firewall.
So you have to disable this, right?
What is the difference between enabling and disabling Tunnel All Mode?
Tunnel All Mode forces all network traffic (including internet traffic) through the SonicWall. So if you only get 10 Mbps over the VPN to the Corp LAN, you will only get that to the WAN. Turning it off will split the traffic, so only Corp LAN traffic goes over the VPN and internet traffic goes directly out through the client’s ISP.
Split-mode will not apply firewall policies to WAN traffic on remote devices, so you would be bypassing things like SSL-DPI, Gateway AV, Content Filtering, etc.
Depending on your setup, split mode may also require more granular configuration of routing. For instance, if you have multiple networks at the office, you need to individually add them to the VPN client settings.
Also, if your office network uses a common subnet (like 192.168.1.0/24), home users with that home subnet will have problems when connected to the VPN in split tunnel mode.
Adjusting the setting shouldn’t be done without fully understanding the implications.
Thank you
When I disabled this “Tunnel All Mode”, everyone came back to normal speed, and the VPN is not disconnected.
Thank you.
However, it is said that there is an intermittent slowdown when some users use in-house systems. Should I update the VPN program or use another program?
I would definitely update the SSL VPN client to the latest version. As for other slowdowns, there’s not much I can say without knowing more about the environments.
If it works well for some users and not others, it’s most likely the users having problems either have poor internet connectivity or IP conflics, like I mentioned previously.