Forum Discussion

2 Replies

  • A typical best practice for SSL VPN connectivity is:

    Protocol Profile (Client): tcp-wan-optimized
    Protocol Profile (Server): tcp-lan-optimized
    

    You can optionally enable any of the WAM or WOM optimized profiles, depending on your environment. In any case, you should see a significant difference in performance.

  • It's difficult to say in a few sentences what a "best practice" is, given varying scenarios. The out-of-the-box LAN and WAN profiles are highly tuned. The WAN and WOM profiles are also very good, and if you actually have WA or WOM (no AAM) licensed, then there's even more you can do to optimize the traffic.

     

    SNAT is useful in the SSL VPN the same way it is in a typical VIP environment. It's used to force return routing when there's a chance that servers can respond around the BIG-IP. I believe it's enabled by default when you run the network access wizard, so it's probably better to use it than to not use it, but again it depends on your environment.