VPN inconsistency and slow

We have get feed back from our branch office said that their VPN connection are inconsistent and sometimes is slow ad drop autocratically.

All the 7 branch office need to using VPN to access the application server in HQ ,each branch have 2 o 3 users only.We are setup VPN server in Window 2008 server and our firewall is Juniper SSG 5 and the internet speed in HQ is up/down 10MB.

I am thinking to purpose them to using fortinet 100D and setup the VPN gateway in fortinet 100D and upgrade the HQ internet speed up/down to 30MB then allow user access to the application server.Because my thinking is we suppose let the Application server running their own roles instead of need to run additional task like routing .But i not to sure that will improve the overall performance or not .Please advice my solution can work or have better solution to solve the issue.Please advice.Thanks
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

While the remedy you are considering is fine, the difficulty is that the issue could be at the branch network saturation. Do all branches experience the same issue? In this case, you should consider setting up a QoS on the HQ size to prioritize VPN traffic over other traffic outside voice if any this way your VPN will be guaranteed to be continuously connected.  
Similar setup in the Branch side would assure a better VPN performance.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
Before trying to upgrade everything, you should try to find out which part causes drops etc. E.g. the SSG can be set up to use a policy for VPN related traffic, and use bandwidth monitoring. If you want to use traffic shaping and/or priorisation (as mentioned by arnold), you'll need the policy anyway.

I assume you are using a bidirectional PPTP tunnel via RRAS in HQ and branches? That is certainly not the fastest option, and not secure. The SSG can handle IPsec, which is much better suited, both in security, reliability and performance.
JohnBusiness Consultant (Owner)Commented:
I use IPsec and find it reliable (as noted above).

Don't forget that most Internet Services are high speed down and slow speed up (very slow). VPN is always using the slow connection and is usually slow. In that environment, IPsec is more reliable.

Look at MTU (Router setting) on all ends of the VPN set up and try 1492 or a bit less. Default is 1500 and fragments VPN packets unduly.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.