Wednesday, March 24, 2021

VPN connection from client in another country is very slow, any ideas?

Hi everyone,

I'm the only network engineer at this company and so I have no one else to bounce ideas off of, so I'm coming to you, r/networking. The company I work for is in Germany, we have 2 Palo Alto Firewalls and we use GlobalProtect as our VPN with a gateway on both PAs (one is physical on site and the other is a VM in a cloud). The company hires a few people living in other countries and they just work remotely. I've never heard any issues with this until this week. Someone working from Uzbekistan cannot reach any of our internal sites.

After a lot of investigating, we found that the connection through the VPN is so slow that the DNS requests come to late or not at all and after a failed request from our DNS his PC sends a request to his local modem, which obviously only resolves external sites. I checked on the PA for his public IP that his connecting with for GlobalProtect and checked the security logs from that IP and more that half of the connections are being dropped because of no answer. So I'm now thinking that his internet or the connection from his country to us is just not good enough, but he can quickly resolve and load any other German/European websites.

Is there anything I can even do here? It's odd to me that he can easily reach other pages in other countries but only our GlobalProtect connection is bad. It's also good to note that the 2 PAs don't use the same internet, because one is in the cloud it just uses whatever that cloud provider has. Otherwise I would have contacted our internet provider to see if they had anything going on that could be causing this.

Any ideas are greatly appreciated. I'm hitting a wall here and you are my last hope for fixing this.



No comments:

Post a Comment