Is QOS / COS / VPN Session affinity configurable to maintain stability of VPN connection for SRX 240?
Would like to know if QOS / COS / VPN Session affinity is configurable to maintain a consistent, stable connection for Pulse Secure VPN with the SRX 240 being the SSL VPN server?
The SRX240 is the gateway as well as the VPN server, and quite often it is noticed that users keep dropping off the VPN and sometimes take a long time to reconnect. Basic factors like bandwidth on the gateway, link condition etc. were checked and no such issues were seen. Debug just shows the typical session flow that happens for the connection setup etc., albeit with a bit of delay, but the reason for the delay etc. is not detectable as such.
The users are all home based and connect over their own internet; their internet speeds during the issue were checked and no such slowness or drops were seen.
So I was researching to see if there is any way to configure COS / QOS to prioritize VPN sessions?
VPN is Pulse Secure over Juniper SRX 240, firmware is 12.x44-D35.5
Re: Is QOS / COS / VPN Session affinity configurable to maintain stability of VPN connection for SRX 240?
In which part of the world are your VPN users located? Nowadays there are very few countries that do NOT do Deep Packet Inspection on their residential internet traffic, and Pulse using IPSEC over UDP/4500 for data transfer makes it a prime candidate for such inspections. Not for on-the-fly decryption (not yet possible) but for policing/deprioritising "known encrypted" ports, and in case of very advanced DPI also "unknown|undefined encrypted" ports.
If that's the case, I doubt that any QoS/CoS would improve your VPN user experience.
Users are co-located in the same city as the infra that they access over VPN.
But is your ISP infra also confined to that city? Large ISPs have BNG farms geographically spread all over the country and do load-balancing all the time, so your residential users may be in e.g. London but the BNG they are connected to could be in e.g. Sheffield, 250 miles away. This means a 500-mile roundtrip for your VPN connections and a dozen or so nodes to cross. The delay you are experiencing could be partially attributable to such a roundtrip.