
***DRAFT*** GlobalProtect Remote Access VPN - Remote Access performance


11.0 - Updated on 05-01-2023 by Tom Bayly (txb151)

10.0 - Updated on 02-14-2022 by Gregory Fox (gdf24)

9.0 - Updated on 11-09-2020 by Kem Hartley (kdh162)

8.0 - Updated on 11-05-2020 by Patty Rees (plr14)

7.0 - Updated on 10-08-2020 by Patty Rees (plr14)

6.0 - Updated on 09-07-2020 by Kem Hartley (kdh162)

5.0 - Updated on 09-02-2020 by Kem Hartley (kdh162)

4.0 - Updated on 09-02-2020 by Kem Hartley (kdh162)

3.0 - Updated on 09-02-2020 by Kem Hartley (kdh162)

2.0 - Updated on 09-02-2020 by Kem Hartley (kdh162)

1.0 - Authored on 09-02-2020 by Kem Hartley (kdh162)

Article Intended For

Users of the GlobalProtect Remote Access VPN service

Introduction

Many factors can contribute to the level of performance while working remotely, and many of them are challenging for both the remote user and IT Support.  This article aims to explain some of those performance factors in more detail.

Article Body

Contributing Factors to GlobalProtect performance

 

 

Full Tunnel

The GlobalProtect VPN is a full-tunnel VPN, unlike the previous split-tunnel Cisco AnyConnect.  The difference is that on GlobalProtect all of the traffic leaving your GlobalProtect-connected workstation is encrypted en route to the GlobalProtect gateway and then traverses the PSU network to the Internet.  Most modern hardware will not have an issue performing this task, but please note that there is some overhead in encrypting the traffic and sending it through the VPN tunnel.

 

Type of Application

The type of application you are using may also have an impact on your remote access experience.  Web-based applications usually do very well in VPN tunnels.  However, other applications such as Microsoft Remote Desktop are not nearly as robust.  When using Remote Desktop, the host device's screen is handled much like frames of video.  Those video frames are sent over the network and redrawn on the remote host.  The underlying technology sends the entire frame, not just the components of motion within the desktop.  This is also why Remote Desktop should not be used to play audio and video content: the content will be very choppy.

 

Your ISP

The type of ISP connectivity at your remote location will have an impact on your experience on the GlobalProtect VPN.  Most VPNs are latency sensitive, and performance can be drastically reduced while using the VPN service over a high-latency connection.  ISP types with high latency include, but are not limited to, cellular networks (mobile hotspots) and satellite Internet.  Network latency is the time it takes for data or a request to go from the source to the destination.  So it is entirely possible to have a high amount of bandwidth, but if you also have a connection with high latency, it will appear as if your connection is "slow".  The high latency is amplified while on the VPN because of encryption overhead.

 

Another possibility is network congestion on the ISP network.  Shared medium networks such as cable internet and wireless internet service providers (WISP) can sometimes have heavy network congestion during peak usage times.  We have a tool that can help identify network congestion, speedtest.psu.edu (https://pennstate.service-now.com/sp?id=kb_article_view&sysparm_article=KB0015188).

 

The speedtest tool measures latency by using ping, which measures the time in milliseconds it takes to send network data to a destination and get a response.  The tool also measures jitter.  Jitter is the time delay or variance of sending network data.  For example, ping would be the time it takes you to drive to work with no traffic or delays.  Jitter, on the other hand, would be the time increase due to traffic lights, construction, or other delays.  Have you ever been on a call where others sound like they are in the Matrix (voice or video artifacts)?  That is likely due to high jitter on your connection or on the connection of the person who is talking.  If your ping time is over 100ms and jitter is over 40ms, that could indicate some congestion on your home or ISP network.  Below is an example of what speedtest would report for acceptable network congestion.

 

[Image: Ping and Jitter]
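The rule of thumb above applied to raw ping output, as an added example that is not part of the original article. The sample output is constructed, and jitter is computed here as the average change between consecutive replies, which is an assumption because the article does not give the speedtest tool's own formula.

```python
import re
from statistics import mean

# Thresholds taken from the article: ping over 100 ms and jitter over 40 ms.
PING_LIMIT_MS = 100.0
JITTER_LIMIT_MS = 40.0

# Constructed sample of Linux/macOS-style `ping` output (not a real capture).
SAMPLE_PING_OUTPUT = """\
64 bytes from 192.0.2.10: icmp_seq=1 ttl=54 time=112 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=54 time=187 ms
Request timeout for icmp_seq 3
64 bytes from 192.0.2.10: icmp_seq=4 ttl=54 time=95.5 ms
64 bytes from 192.0.2.10: icmp_seq=5 ttl=54 time=160 ms
64 bytes from 192.0.2.10: icmp_seq=6 ttl=54 time=121.5 ms
"""

# Matches "time=112 ms" and "time<1 ms"; "Request timeout" lines do not match.
RTT_RE = re.compile(r"time[=<]([\d.]+)\s*ms")


def parse_rtts(ping_output):
    """Return round-trip times in ms, in order; lost packets are skipped."""
    return [float(m.group(1)) for m in RTT_RE.finditer(ping_output)]


def summarize(rtts):
    """Return (average ping, jitter) in ms.

    Jitter is the mean absolute change between consecutive received replies
    (an assumed definition; replies on either side of a loss count as adjacent).
    """
    if not rtts:
        raise ValueError("no ping replies to analyze")
    deltas = [abs(b - a) for a, b in zip(rtts, rtts[1:])]
    return mean(rtts), (mean(deltas) if deltas else 0.0)


def looks_congested(avg_ms, jitter_ms):
    """Apply the article's rule of thumb: both values above their limits."""
    return avg_ms > PING_LIMIT_MS and jitter_ms > JITTER_LIMIT_MS


if __name__ == "__main__":
    avg, jitter = summarize(parse_rtts(SAMPLE_PING_OUTPUT))
    print(f"ping {avg:.1f} ms, jitter {jitter:.1f} ms, "
          f"congested={looks_congested(avg, jitter)}")
```

A steady but high-latency link (for example 150 ms ping with 1 to 2 ms jitter) is not flagged by this rule, which matches the article's distinction between a slow-feeling high-latency ISP and actual congestion.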

 

 

Home Network Setup and Equipment

Home networks have certainly evolved over the years, especially with regard to wireless technology.  If you use wireless heavily in your home, or wherever you are connecting from, this can be a factor in VPN performance.  We are not advocating purchasing the latest and greatest equipment.  However, we do want you to understand how legacy equipment can affect network and VPN performance.  Knowing what to look for is an important step.  Some things to check are:

 

  • What wireless standards technology does your equipment support?
  • Does it support Multi-User MIMO (MU-MIMO) technology?
    • 2x2 or 4x4 MU-MIMO - This means that the wireless hardware can handle multiple devices sending and receiving data at once.  Older hardware cannot do this well, which can contribute to the perception of a slow connection because each wireless device needs to "wait its turn" to send/receive data.  This is important if you have a lot of devices on your network.

[Animation: MU-MIMO]

Number of devices on the home network

The number of wireless devices can have an impact on your home network performance, which also impacts VPN performance.  There is no sweet spot for the number of devices on a home network.  That depends mostly on the wireless technology and equipment.  However, even the latest and greatest equipment can suffer if there are many devices on the home network.  IoT devices, home personal assistants, streaming services, appliances, etc. all continuously broadcast information.  Some even do a great deal more over the network than one might expect.  For example, someone in your home is streaming HD content while a user is on the VPN and a Teams call, the IoT doorbell is uploading HD images every 20 seconds, and the home PC is backing up to the cloud.  This is an extreme situation, but you can see how these use cases can impact a VPN connection (or any other connection in your home).  On top of that, if all the devices have to wait to send/receive data, you can see how those wait times can add processing delay to home networks, especially on older hardware.