Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 36 subscribers
  • Views 12402 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Home: WAN Poor performance with or without IPS and other Filters

lferrara

I am getting mad but now at the new house where I have 100Mb on WAN side, I am only able to reach 10 Mb (if I have any any rule) and almost 4 Mb if I have decrypt and scan, ips, web and app filters on. With all on, upload test fails.

Dear Sophos (ALAN, Michael Dunn, etc....), I will move back to UTM in a couple of days.

Of couse bandwidth and logs help a lot on XG.

Skype calls do not work. Using SSL VPN, I am not able to reach any HTTPS internal sites (Even the XG Admin Page).

URL filtering? ADS are not blocked and this is an innovative product...next generation...I really had enough.

I will come back to XG on v18.

Here some screenshots:

Internet speed without XG

Internet with any any

Internet with all filters on

Reports:

System runs on 4 GB of RAM and an Intel(R) Atom(TM) CPU D2550   @ 1.86GHz. It does not seem a performance issue.

So Sophos explain why performances are so bad!



This thread was automatically locked due to age.
  • 0

    Hey Luk left the force be with you,

    have you checked your MTU settings on your external interface and does the modem do auto negotiation?

    Are you using the same cable, maybe it is not suitable?

    Ian

  • 0

    Hey Luk,

    I know oftentimes "it works for me" type posts aren't helpful, but just wanted to share that I also have 100/100Mbps WAN via fiber at work, connected to an XG210, and this is what I'm seeing with full IPS, HTTPS Decrypt and Scan, malware scanning, etc. enabled:

    If I pull the XG off and directly connect to a PC I get just about the same results so the XG is passing packets at near wire speed.  Not sure how to explain the poor performance you're seeing, seems like you should not be having that dramatic of a speed problem.  

  • 0 in reply to rfcat_vk

    Ian,

    If I connect directly via cable to Modem, I even get better performance than modem wifi.

    Modem does auto-negotiation.

  • 0 in reply to Bill Roland

    Thanks Bill.

    I cannot buy a XG210 at home only for me....4 GB of RAM should be enough to get at least 40/yard cunt punt††† 5******************† Mb and not only 10%.

    Sorry guys but I am really ungry!

  • 0

    That is odd, I have an XG 85 at home, I have 200 MBPS pipe.  Now direct connect I will get close to 200 MBPS, over Wifi I get around 80 but I contribute that to the device.  I do not see why you are getting such slow speeds with your setup.  Maybe hardware or some other fluke???

  • 0

    What speed is the wan interface set to? Maybe a failing ethernet cable perhaps?

  • 0

    Did anyone figure out this issue? I'm currently seeing the same thing. i am down though to 2/3M up/download speeds. I've gone over MTU, cables and physical connectivity and all looks well. Granted this is an add on Intel 4 port NIC card but between the card and the PC's bus, 4GB of ram w/ an i3 cpu, this would be able to do the 100M no problem

  • 0 in reply to Joe DeVito

    I just tried with the latest version of XG. Using speedof.me I achieve my link rated speed. Using speedtest.net I have to add an open firewall rule otherwise it fails even if I use FQDN in the destination addressing.

    Speedtest.net returns 93 (100)/ 36 (40). I do rack up lots of Syn flood IPS errors.

    Ian

  • 0 in reply to rfcat_vk

    First try to apply the fix from this thread here

    And then hunt for MTU, DoS (flood) protection and other pssible mismatches.

    D2xxx Atoms are absolute low end hardware, but even with those you easily should achieve 200MBit++ throughput on XG with small tweaks as the mentioned one (and avoiding possible misconfigurations as DoS protection with default values)

    And XG (and also UTM) aren't "adblockers" per design. They can be partly, i think i also made in the past a thread to this matter, but for that usecase a ublock, disconnect and other browser plugins brings way better results due deep filtering directly in the browser.

  • 0 in reply to SaschaParis

    Hi Sascha,

    I had a big input to that thread. I am not sure why today I have an IPS issue for speediest.net, but I suspect that was caused by the site using links that are not part of its FQDN.

    I don't have an issue when using speedof.me and I have tuned my IPS as recommended by one of the Sophos forum support staff a number of months ago.

    Ian