crypto boost-tcp: how to use it

mMontana

With ZLD 5.10 some "boost" of IPsec VPN was delivered to device which had it. So no USG40, USG40W, USG60, USG60W currently, but for USG20-VPN and USG20W-VPN.

How to sensefully use it?

• Is it useful enable it on only one endpoint if the other one is not capable? Example: USG40 on client side, USG20-VPN on the server side, enable it only on server side could be useful?
• Is it useful enable it the device is an L2TP server for roadwarriors connections?

Thanks for your time.

CHS

It looks only supprot in 5.10 firmware. The other models without 5.10 version.
In Site-to-Site scenario, of cause it has to apply in both of devices.
This command should works in all of VPN tunnel.(Not only site to site VPN)

mMontana

Thanks @CHS, i had the same impression. But I'd love a statement from Zyxel representatives.

mjr

any updates for the activation of "crypto boost-tcp" in future releases?

DimSum

With ZLD 5.10 some "boost" of IPsec VPN was delivered to device which had it. So no USG40, USG40W, USG60, USG60W currently, but for USG20-VPN and USG20W-VPN.
How to sensefully use it?

• Is it useful enable it on only one endpoint if the other one is not capable? Example: USG40 on client side, USG20-VPN on the server side, enable it only on server side could be useful?
• Is it useful enable it the device is an L2TP server for roadwarriors Sonic exe connections?

Thanks for your time.

But how to turn it on?

mjr

https://support.zyxel.eu/hc/en-us/articles/4451699825938-Firewall-Increasing-Throughput-Speed-Boost-for-WAN-and-VPN

mjr

How to enable/disable the enhancement:

To enable the enhancement by CLI command, use:

Router(config)# crypto boost-tcp

 

To disable the enhancement by CLI command use:

Router(config)#no crypto boost-tcp