Slowness observed when doing file transfer via GlobalProtect IPSec tunnel on PA-5200 Series Firewall

Slowness observed when doing file transfer via GlobalProtect IPSec tunnel on PA-5200 Series Firewall

652
Created On 04/02/25 12:21 PM - Last Modified 01/08/26 17:58 PM


Symptom


  • Slowness is seen during file transfer( any protocol) via the ipsec/GP (ipsec). 
  • Firewall is not dropping any packet nor the latency being introduced. 
  • While checking the pcap from the client to the firewall transmit stage, you will notice the firewall is in inducing out of order packets.
  • if you notice the ip.id 1672 and below ( identification id ) the pattern shows that its not the the network introducing out of order. Its the firewall while transmitting the packet is introducing the out of order.
  • NOTE: Since we have to capture the packet while its being transmitted, you need to bounce the tunnel to get the keys to decrypt the ESP packets.

CLIENT pcap:

Firewall transmit stage pcap:

Environment


  • Palo Alto Networks 5200 Series Firewalls
  • PANOS above 10.0.x
  • GlobalProtect (GP)

Cause


Software Issue.

Resolution


  1. The issue is resolved under PAN-273141.
  2. Upgrade to one of the following PAN-OS will resolve the issue.
    • 12.2.0
    • 11.1.11
    • 10.2.17
    • 11.1.9
    • 11.1.6-h4
    • 11.1.4-h14
    • 11.1.7-h2
    • 10.2.13-h7
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000TpoICAS&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail