Increasing data transfer on a firewall-to-firewall VPN connection

Hi, I'm a newbie when it comes to networking equipment, but I have a question. How can the data transfer rate in a secure connection between one firewall and another firewall be increased? I believe we have established some sort of VPN connection between the two.

I assume the parameters in this case might be

1) The internet data lines connecting the sites
2) The processing power of the devices doing some sort of encoding/decoding on both sides of the link.

I'm just clueless as to where the bottleneck resides. Thanks for your help.

Reply to
providencebuddy

In article , wrote:
:I'm a newbie when it comes to networking equipment, but I have a
:question. How can the data transfer rate in a secure connection between
:one firewall and another firewall be increased? I believe we have
:established some sort of VPN connection between the two.

:I assume the parameters in this case might be
:1) The internet data lines connecting the sites
:2) The processing power of the devices doing some sort of
:encoding/decoding on both sides of the link.

:I'm just clueless as to where the bottleneck resides.

If you are seeing 1/2 to 2/3 of the maximum performance, then you might be fragmenting packets, and your MTUs may need to be adjusted (or Path MTU Discovery turned on).

If you are seeing -very- poor performance, especially in one direction, then there is likely a duplex mismatch.

The kind of encryption you choose can make a difference, especially if the encryption you choose does not happen to be one of the ones that is hardware-accelerated. And hardware acceleration can be funny -- they might have optimized a particularly common type of encryption more than a less-common but less complex encryption.

If you have AH (authentication header) turned on, or are using NAT-T (NAT Traversal) then there are additional processing overheads for the IPSec encapsulation.

Latency can be a real bugbear. On a particular 1000-mile long link that we have, when we measure the throughput we find that it is close to the maximum expected, but the latency is high enough that doing interactive X Windows graphics work is painful.

For larger transfers, latency effects can be reduced by using larger windows, including possibly by using the TCP window-size extensions.

Reply to
Walter Roberson
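The fragmentation, NAT-T and window-size points in the reply above can be checked with a little arithmetic; the following is an added example, not part of the original thread. It assumes ESP in tunnel mode over IPv4 with AES-CBC and HMAC-SHA1-96 and a 1500-byte path MTU, and the 40 ms round trip and 100 Mbit/s link in the demo are constructed values.

```python
import math

OUTER_IP = 20     # outer IPv4 header, no options
ESP_HDR = 8       # SPI + sequence number
NATT_UDP = 8      # UDP header added when NAT-T encapsulation is in use
ESP_TRAILER = 2   # pad-length and next-header bytes, encrypted with the payload

def esp_packet_size(inner_len, block=16, iv=16, icv=12, nat_t=False):
    """Outer IPv4 size of one ESP tunnel-mode packet carrying inner_len bytes.
    Defaults model AES-CBC (16-byte block and IV) with a 12-byte HMAC-SHA1-96 ICV."""
    padded = math.ceil((inner_len + ESP_TRAILER) / block) * block
    return OUTER_IP + (NATT_UDP if nat_t else 0) + ESP_HDR + iv + padded + icv

def max_inner_mtu(path_mtu=1500, block=16, iv=16, icv=12, nat_t=False):
    """Largest inner packet that still fits in a single outer packet."""
    room = path_mtu - OUTER_IP - (NATT_UDP if nat_t else 0) - ESP_HDR - iv - icv
    return (room // block) * block - ESP_TRAILER

def tcp_ceiling_bps(window_bytes, rtt_s):
    """Upper bound for one TCP flow: at most one window per round trip."""
    return window_bytes * 8 / rtt_s

def window_scale_needed(link_bps, rtt_s):
    """Smallest window-scale shift (0..14) so 65535 << shift covers the
    bandwidth-delay product; None if even the largest shift is too small."""
    bdp_bytes = link_bps * rtt_s / 8
    for shift in range(15):
        if (65535 << shift) >= bdp_bytes:
            return shift
    return None

if __name__ == "__main__":
    for nat_t in (False, True):
        label = "with NAT-T" if nat_t else "without NAT-T"
        outer = esp_packet_size(1500, nat_t=nat_t)
        inner = max_inner_mtu(nat_t=nat_t)
        print(f"{label}: a 1500-byte inner packet becomes {outer} bytes on the wire "
              f"({'fragments' if outer > 1500 else 'fits'}); "
              f"inner MTU {inner}, TCP MSS {inner - 40}")
    rtt = 0.040      # constructed round-trip time, seconds
    link = 100e6     # constructed link rate, bits per second
    print(f"unscaled 65535-byte window at {rtt * 1000:.0f} ms: "
          f"{tcp_ceiling_bps(65535, rtt) / 1e6:.1f} Mbit/s ceiling")
    print(f"window-scale shift needed to fill the link: {window_scale_needed(link, rtt)}")
```

A full-size inner packet that exceeds the path MTU after encapsulation is split into one large and one small outer packet, which is consistent with the 1/2 to 2/3 throughput symptom described in the reply.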
