1.2101.00.1609 Slow VPN Upload with Global Protect

  • 8 November 2021
  • 4 replies


I know that the most recent firmware 1.2101.00.1609 fixed the work VPN issue. My work uses Global Protect Okta and when I do a speed test I get anywhere from 20-35 Mbps down and always less than 1 Mbps upload (between .5 and .3 up). I know it is the T-Mobile internet that has the upload issue because when I USB tether my cell phone service (Verizon) I can get at least 2 Mbps upload when connected to Global Protect.

I am connected to B2 and N41 most of the time so I get download speeds of 200+ and uploads 30+. I know Global Protect really slows your actual speeds down by a lot.


Does anyone else experience these issues as well?  Is there anything I can do to have my upload speeds increase?




Userlevel 4

My wife used the same VPN with no issues at full speed, but I remember there was a post with some setting on the VPN to make sure it worked well. I will see if I can find the old post. You could just make note of your VPN settings and then make one change at a time to see if any helps.

Userlevel 4

Found this about the version.


“It was really annoying, but currently my T-Mobile gateway firmware version 1.2101.00.1609 has no issues with GlobalProtect client version 5.2.8. Hooooooray!!”

Userlevel 2

There are MTU issues with GlobalProtect. The best thing would be for your IT people to look into it; it probably needs to be lowered.

Userlevel 5

Agreed... you may have fragmentation issues.


Have your IT people verify/adjust to make sure the MTU is not exceeding 1420. The "normal" size with the more traditional ISP model is 1500 or 1492. TMO has additional data it stitches in the headers because of their funky CGNAT/XLAT464 tunneling approach for dual v4/v6 networks. That reduces the packet size that the client can push to the modem.


So the VPN may need to have its MSS reduced another 40-80 bytes from its default values to prevent the packets from getting cut into smaller pieces to make things go through TMO's network segments, which wastes a LOT of potential throughput.
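
One way to measure what the last two replies describe, as an added example that is not part of the original thread: binary-search the largest IPv4 packet that crosses the path with the don't-fragment bit set, then derive the TCP MSS that fits and count the fragments an oversized packet would need. The function names, the simulated 1420-byte path, the 80-byte tunnel overhead and the host `vpn.example.com` are assumptions for illustration; `ping_probe` relies on Linux iputils `ping -M do`.

```python
import subprocess

IPV4_HDR, ICMP_HDR, TCP_HDR = 20, 8, 20  # header sizes in bytes, no options

def ping_probe(host):
    """Real probe: one echo request with DF set (Linux iputils: -M do)."""
    def probe(payload):
        cmd = ["ping", "-c", "1", "-W", "1", "-M", "do", "-s", str(payload), host]
        return subprocess.run(cmd, capture_output=True).returncode == 0
    return probe

def simulated_probe(path_mtu):
    """Constructed stand-in for a path: passes packets up to path_mtu only."""
    return lambda payload: payload + IPV4_HDR + ICMP_HDR <= path_mtu

def find_path_mtu(probe, lo=576, hi=1500):
    """Binary-search the largest IPv4 packet size that passes unfragmented."""
    if not probe(lo - IPV4_HDR - ICMP_HDR):
        return None  # even the floor fails: host down or ICMP filtered
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid - IPV4_HDR - ICMP_HDR):
            lo = mid          # mid fits, search upward
        else:
            hi = mid - 1      # mid is too large, search downward
    return lo

def tcp_mss(mtu, tunnel_overhead=0):
    """Largest TCP payload per packet; tunnel_overhead is an assumed input."""
    return mtu - tunnel_overhead - IPV4_HDR - TCP_HDR

def fragments(packet_len, mtu):
    """Number of IPv4 fragments needed to carry packet_len over this MTU."""
    if packet_len <= mtu:
        return 1
    per_frag = (mtu - IPV4_HDR) // 8 * 8  # fragment data is a multiple of 8
    data = packet_len - IPV4_HDR
    return -(-data // per_frag)           # ceiling division

if __name__ == "__main__":
    # Swap in ping_probe("vpn.example.com") to test a real path.
    mtu = find_path_mtu(simulated_probe(1420))
    print("path MTU:", mtu)
    print("MSS with no tunnel:", tcp_mss(mtu))
    print("MSS with 80 bytes of assumed tunnel overhead:", tcp_mss(mtu, 80))
    print("fragments for a 1500-byte packet:", fragments(1500, mtu))
```

A `None` result from a real probe means the measurement is unusable, not that the MTU is small, since many networks filter ICMP echo.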