VPN or Your Home Network/ISP

I'm curious with all of the remote workers these days, one of the big outstanding issues at my company is that 1% that have consistent VPN issues; disconnects, slowness, etc..  Now we know that the VPN client isn't very tolerant to packet loss.  I'm suspecting this a pretty hot topic across the country these days.  Our management has us on a constant chase for the tool that will provide insight from the users workstation network perspective.  Any of you having these same conversations and what solutions or ideas have come up?

  • What kind of VPN devices do you have?  Is it a single box, or multiple?  If multiple, is there a load-balancer in front of it, like Pulse Secure offers something called a "traffic manager"?   Or maybe an F5?

    We had our pulse secure VPN boxes configured with a pair of traffic managers in front, and while the actual VPN boxes were fine, the traffic managers couldn't handle the load.  We moved to round-robin DNS load balancing instead and quite a few issues went away and nearly everyone is enjoying significantly better speeds too.  The load balancing might not be perfect, but its pretty darn good, rarely see one box having a significantly higher load than the others.

    More details on your environment might help?

  • Sorry, we use F5 and the BigIP Edge Client.  We've spent quite a bit of time working with F5 as well and honestly I think the F5 is performing good now.  I believe at this point we're looking at the endpoints and their networks/ISPs more likely.   I was just curious if anyone else was having to work to prove whether or not it was corporate network/infra vs. end users home network/ISP and if so how they were doing that.   Management would like some (monitoring tool preferred) that could be used to determine the health of the endpoints network.  I've thought of and tested all sorts of things.   Such as the speedtest.net speedtest powershell script running on agent on a workstation,  HTTPS Monitors from the endpoint to both external and internal locations.  While those two things can be used to provide some insight I was curious if there was more I could be doing, others are doing with NPM/SAM and the likes.