Here’s a common scenario I see in enterprise networks:
Users complain:
- Voice breaking
- Video freezing
- High latency on Teams
But everything works fine when they’re off VPN.
So what’s really happening?
When Teams traffic goes through GlobalProtect, it often follows this path:
User → GlobalProtect Tunnel → Data Center / Hub → Internet → Microsoft O365
This means:
- Traffic is backhauled to the corporate DC
- Extra hops = extra latency
- Real-time apps (voice/video) suffer the most
This is an architectural issue, not a bandwidth issue.
The real problem:
Teams is a cloud-native SaaS app, but we’re forcing it through an on-prem security path.
Recommended ways to cut the latency
1. Enable Split Tunneling for O365: let Teams traffic go directly to the internet instead of the VPN. This removes unnecessary hairpin routing.
2. Use GlobalProtect with Prisma Access (Cloud SWG): User → Nearest Prisma POP → Microsoft. No data center backhaul.
3. Use SD-WAN + Local Internet Breakout: branch users exit locally while still being secured.
4. Whitelist Microsoft O365 URLs/IPs so Teams traffic avoids full inspection paths.
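Items 1 and 4 both depend on choosing which Microsoft prefixes leave the inspected path, and that set should stay as small as possible. The Python below is an added example, not part of the original post: it builds a narrow exclude list from records shaped like the Microsoft 365 endpoint web service JSON, where Teams is published under serviceArea "Skype" and records are categorized Optimize, Allow or Default. The sample feed, its documentation-range addresses and the function name split_tunnel_plan are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of the Microsoft 365 endpoint web service
# JSON. Addresses are RFC 5737 / RFC 3849 documentation ranges, not real ones.
SAMPLE_FEED = json.loads("""
[
 {"id": 1, "serviceArea": "Skype", "category": "Optimize",
  "ips": ["198.51.100.0/25", "198.51.100.128/25", "2001:db8:10::/48"],
  "udpPorts": "3478,3479,3480,3481"},
 {"id": 2, "serviceArea": "Skype", "category": "Allow",
  "urls": ["*.teams.example"], "ips": ["203.0.113.0/24"], "tcpPorts": "443"},
 {"id": 3, "serviceArea": "Exchange", "category": "Optimize",
  "ips": ["192.0.2.0/24"], "tcpPorts": "443"},
 {"id": 4, "serviceArea": "Skype", "category": "Default",
  "urls": ["*.cdn.example"], "tcpPorts": "443"}
]
""")


def split_tunnel_plan(feed, service_area="Skype", bypass_categories=("Optimize",)):
    """Return (exclude_routes, inspected_ids) for one service area.

    Only records in bypass_categories that carry IP prefixes are excluded from
    the tunnel. URL-only and lower-priority records stay on the inspected path,
    so the bypass covers the real-time media ranges and nothing else.
    """
    nets, inspected = [], []
    for rec in feed:
        if rec.get("serviceArea") != service_area:
            continue  # other workloads are out of scope for this plan
        if rec.get("category") in bypass_categories and rec.get("ips"):
            # ip_network raises ValueError on malformed prefixes or host bits
            nets += [ipaddress.ip_network(p) for p in rec["ips"]]
        else:
            inspected.append(rec["id"])
    # Merge adjacent prefixes per address family to keep the route table short
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in list(v4) + list(v6)], inspected


if __name__ == "__main__":
    routes, inspected = split_tunnel_plan(SAMPLE_FEED)
    print("exclude from tunnel:", routes)
    print("record ids left on inspected path:", inspected)
```

The record ids returned as inspected are the ones to review before widening the bypass, since each added category sends more traffic around the corporate security stack.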
Architect mindset takeaway:
If your users are in the cloud, but your traffic is forced through the data center — latency is guaranteed.
Design for user-to-app, not user-to-DC.