FGT HTTPS Mgmt Access via IPsec VPN to Mgmt Loopback Interface is very slow!
We are managing multiple customer devices on remote sites via a dedicated mgmt ipsec S2S vpn (P1/P2 Shared-Secret, IKEv2, AES-256, SHA384, DH20, DPD enabled). The hub device for this mgmt vpn is a FG-600D running FOS 5.4.4 and the spokes are FGT-60Es and FGT-100Es also running FOS 5.4.4.
The mgmt access via ipsec tunnel is on a dedicated mgmt loopback interface. When I try to access the FGT webui via ipsec vpn to the loopback interface, it takes up to 10 seconds until the login window appears. We are managing multiple devices like this for the same customer and all devices have more or less the same delay until we are able to do an https login to the FGT. The funny thing is that after login the delay is not recognized anymore. When connecting over SSH we do not have any delay. Could that probably be an ipsec fragmentation issue?
When connecting directly from the internet on wan1 without ipsec (using local-in policies), we have no delay and the webui login form loads quickly.
Any ideas or suggestions?
Thanks a lot for feedback