Jump to content
Welcome to our new Citrix community!

VPN Performance Assistance - TCP Profiles

Rowen Gunn

Recommended Posts

I'm trying to build a TCP profile for high performance on our new VPX based SSL VPN. I've tested a few profiles and can see wildly different results in file copy performance. This is a new VPX build that mostly is just used for VPN and attached to a 10Gb circuit.


So far I've found...

  • Using no TCP profile, aka leaving default in place, file copy speed is around 2Mbps with no pauses or drops.
  • Using the TCP profile here: CTX232321 I get around 6-8Mbps steady speeds with no pauses or drops
  • Using the nstcp_default_WAN_profile TCP profile I get burst speeds up to 30+ Mbps but then huge pauses and drops during file copy
  • Using the nstcp_default_XA_XD_profile TCP profile I get a steady 6Mbps with no drops or pauses during file copy
  • Using the TCP profile again from CTX232321 but with double or triple the TCP buffer I get 20+ Mbps but again huge drops in file copy and pauses
  • Using the TCP profile nstcp_default_tcp_lfp I get around 1.5 Mbps file copy speed
  • Using the TCP profile nstcp_default_tcp_interactive_stream I also get around 1.5 Mbps file copy speeds


There's clearly VERY difference performance depending on which TCP profile I use. So far the most "stable" seems to be the recommended one from Citrix however I can tell from testing I could get this VPN up to 30Mbps or higher. What are the "best" or highest performing TCP settings I can use for my users? I'd like the VPN to use as much bandwidth as the user's home ISP will allow for my remote workers. I'm not worried about RAM consumption, this NS has 16Gb of RAM and under heavy load is using 20% or less RAM.

Link to comment
Share on other sites

  • 3 months later...

Hi - Just wondering if you ever got anywhere with this?


We've had our SSLVPN in place now since the middle of 2019 and while in the main it works well; Performance I feel could be improved upon. 


I gave up at the time trying to fine tune and didn't get anywhere with support either. The biggest issue we have is performance of applications that connect to databases.


Interested to know if you succeeded. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...