SRX Services Gateway

Is QOS / COS / VPN Session affinity configurable to maintain stability of VPN connection for SRX 240?

‎05-03-2020 07:16 PM

Hi All,

Would like to know if QOS / COS / VPN Session affinity is configurable to maintain a consistent, stable connection for Pulse Secure VPN with the SRX 240 being the SSL VPN server?

 

The SRX240 is the gateway as well as the VPN server, and quite often it is noticed that users keep dropping off the VPN and sometimes take a long time to reconnect. Basic factors like bandwidth on the gateway, link condition etc. were checked and no such issues were seen. Debug just shows the typical session flow that happens for the connection setup etc., albeit with a bit of delay, but the reason for the delay is not detectable as such.

The users are all home based and connect over their internet, and their internet speeds during the issue were checked and no such slowness or drops were seen.

So I was researching to see if there is any way to configure COS / QOS to prioritize VPN sessions?

 

VPN is Pulse Secure over Juniper SRX 240, Firmware is 12.x44-D35.5

Re: Is QOS / COS / VPN Session affinity configurable to maintain stability of VPN connection for SRX 240?

‎05-04-2020 04:13 AM

Hello,

In which part of the world are Your VPN users located? Nowadays there are very few countries that do NOT do Deep Packet Inspection on their residential internet traffic, and Pulse using IPSEC over UDP/4500 for data transfer makes it a prime candidate for such inspections. Not for on-the-fly decryption (not yet possible) but for policing/deprioritising "known encrypted" ports, and in case of very advanced DPI also "unknown|undefined encrypted" ports.

If that's the case, I doubt that any QoS/CoS would improve Your VPN user experience.

HTH

Thx

Alex

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !

Re: Is QOS / COS / VPN Session affinity configurable to maintain stability of VPN connection for SRX 240?

‎05-05-2020 05:40 PM

Hi,

Thanks for your reply, so I infer that it is not possible to prioritize VPN traffic to ensure stable connectivity.

Users are co-located in the same city as the infra that they access over VPN. But nevertheless, is there anything that can be tried to check if it betters the experience?


Re: Is QOS / COS / VPN Session affinity configurable to maintain stability of VPN connection for SRX 240?

‎05-05-2020 08:04 PM

Hello,

@techvin030 wrote:

Users are co-located in the same city as the infra that they access over VPN.

But is Your ISP infra also confined to that city? Large ISPs have BNG farms geographically spread all over the country and do load-balancing all the time, so Your residential users may be in e.g. London but the BNG they are connected to could be in e.g. Sheffield, 250 miles away. This means a 500 mile roundtrip for Your VPN connections and a dozen or so nodes to cross. That delay You are experiencing could be partially attributable to such a roundtrip.

@techvin030 wrote:

Thanks for your reply, so I infer that it is not possible to prioritize VPN traffic to ensure stable connectivity.

You can really prioritize traffic no further than exit from Your SRX, and that's it.

If You want to prioritize it further, talk to Your ISP about getting a business internet access package.

 

HTH

Thx

Alex