Improve upload/download speed of SSL VPN users
The Datagram Transport Layer Security (DTLS) protocol is supported for SSL VPN connections.
The DTLS tunneling implementation avoids TCP-over-TCP issues and can improve throughput. DTLS support can be enabled in the CLI as described below:
To configure DTLS tunneling - CLI:
config vpn ssl settings
set dtls-tunnel [enable | disable] (default: enabled)
end
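To audit the setting from a saved configuration rather than an interactive session, the following added example (not Fortinet's code) reads a configuration backup and reports the effective dtls-tunnel value. The function name, the sample backup, and the assumption that a backup may omit settings left at their default are illustrative.

```python
import re

# Constructed sample of a configuration backup (not from a real device).
SAMPLE_BACKUP = """\
config system global
    set hostname "example-fgt"
end
config vpn ssl settings
    set port 10443
    config authentication-rule
        edit 1
            set groups "vpn-users"
        next
    end
    set dtls-tunnel disable
end
"""

def dtls_tunnel_state(config_text, default="enable"):
    """Return the effective dtls-tunnel value under 'config vpn ssl settings'.

    Returns None when the block is absent. When the block exists without an
    explicit 'set dtls-tunnel' line, the default is returned, because the
    setting is documented as enabled by default (assumption: backups may
    omit values left at their default).
    """
    depth = 0  # 0 = outside the target block, 1 = top level of the block
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == "config vpn ssl settings":
                depth = 1
            continue
        if line.startswith("config "):
            depth += 1          # nested table, e.g. authentication-rule
        elif line == "end":
            depth -= 1
            if depth == 0:
                return default  # block closed with no explicit setting
        elif depth == 1:
            m = re.fullmatch(r"set dtls-tunnel (enable|disable)", line)
            if m:
                return m.group(1)
    # A truncated block with no explicit line still falls back to the default.
    return default if depth else None

if __name__ == "__main__":
    print("dtls-tunnel:", dtls_tunnel_state(SAMPLE_BACKUP))
```

A result of disable means every SSL VPN client uses TLS over TCP regardless of the FortiClient preference described below.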
VPN options on FortiClient
To configure VPN options:
1. Go to File > Settings from the toolbar, and expand the VPN section.
2. Select Enable VPN before logon to enable VPN before logon.
3. For the Preferred DTLS Tunnel option, do one of the following:
a. Select the Preferred DTLS Tunnel checkbox to use DTLS if it is enabled on the FortiGate. If DTLS is disabled on the FortiGate or tunnel establishment is not successful, TLS is used even if the Preferred DTLS Tunnel option is enabled in FortiClient. A DTLS tunnel uses UDP instead of TCP and can increase throughput over the VPN.
b. To use TLS, ensure the Preferred DTLS Tunnel checkbox is unselected.
4. Click OK.