Forum Discussion
Nikoolayy1
May 13, 2021MVP
I agree with the DTLS option should be tested.
I work with F5 and Palo Alto. The Palo Alto globalprotect gateway in many cases uses first ipsec on an UDP port and only when if it fails switches to TLS VPN over TCP. F5 APM Edge client supports TLS VPN and DTLS VPN. Think as F5 APM DTLS being the same as Palo Alto IPSEC over UDP which in many cases has better performance than TLS over TCP (the normal SSL VPN).
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClXPCA0
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPY1CAO
I suggest also reading this for the Edge Client and a slow VPN: