This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SecurityNed
Collaborator
a week ago

Checkpoint VPN Slowness issue

Hello everyone,

We are facing a performance issue with a new VPN deployment. The VPN connection is successful, but remote users are experiencing extremely slow access to internal resources, such as file servers. It's taking a very long time (several minutes) to open even a small file.

We have already tried adjusting the MTU value on the external interface, but this caused stability issues on the local network, so we had to revert the change.

Has anyone encountered a similar issue with a new VPN deployment? What are some of the common causes for this kind of slow performance, and what troubleshooting steps would you recommend?

Any insights or suggestions would be greatly appreciated.

Thank you.

2 Replies
Lesley
Authority Authority
Authority
a week ago

Most of the time it is because you use slow encryption methods like 3DES. Share please from Smart Console -> Global properties -> Remote Access -> VPN - Auth -> Edit 

I would change to: aes256 and sha256 for p1 and p2! Older clients might not be able to connect (ancient versions)

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
a week ago
In response to Lesley

With the following command you can test and compare all encryption methods. After these results I would always recommend to activate AES-NI and AES is preferred to 3DES because it offers many performance advantages through the hardware acceleration. 

Warning notice: If you execute this command you have 100% CPU usage on the gateway for a long time!

# cpopenssl speed

More read here:
R8x - Performance Tuning Tip - AES-NI


➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events