Slow downloads on smartphones connected over AP

Hi,

We have a WiFi running for our smartphones mainly to update Android and apps. WiFi is offered through an AP55. Only smartphones can connect based on their MAC address. There is an own firewall rule for these connections with the following options active: HTTP scanning, block Google QUIC, detect zero day malware with Sandstorm, Scan FTP.

Unfortunately downloads are very slow. App updates take a long time and Android updates are canceled at a certain point by the smartphone itself.

As all updates are done over secure socket layer protocol and HTTPS scanning is not active I wonder what could be the reason. I checked the IP addresses that are used during update and always got to https://r3---sn-h0jeened.gvt1.com/ and https://r4---sn-h0jeened.gvt1.com/ so I excluded gvt1.com from HTTPS scanning, malware scanning and sandstorm. But also this showed no improvement on download speed.

Currently I wonder if the throughput of the AP55 is that slow?

 

Does anybody have any suggestions? Thanks.



This thread was automatically locked due to age.
  • I can confirm that. A new wireless network has MTU 1500 until assigned to the AP. Then it has MTU 1450. Unassigning it from the AP has no effect, MTU still is 1450. So I have to delete all wifi networks (3 active networks) and then do what? Delete the AP?

  • Hi,

    Seems like the config of the MTU is attached to the AP. 

    So delete the AP and try to attach it again to the AP. Should stay with MTU1500 and this will most likely resolve all your issues. 

  • Do you work with a testing system? Would it then be possible to test this? Our XG and WiFi are productive systems so I wouldn't want to test it on them.

  • manbearpig said:

    So delete the AP and try to attach it again to the AP. Should stay with MTU1500 and this will most likely resolve all your issues.  

    I'm not quite sure. I've used a dedicated AP and a new Wireless Network for testing. Both of them never have seen SFOS 16.05.2 before. But now I know where to look, so I'll test it again.

    Jelle said:

    dja do you work with a testing system? Would it then be possible to test this?

    Not really, but I think tomorrow I will have some time for testing. :)

  • Also possible to contact the Sophos Support. But I am not quite sure which way is most likely the fastest. I would recreate everything, because it takes only a couple of minutes. Delete the Network, delete the AP, disable the Wireless Protection. Enable it and add the AP plus create the wireless network.

  • TBH I don't expect MTU to be the root cause of your slowness. Google Play and some other on Android often used services don't play well with AV scanning or MITM of the proxy. Especially AV scanning might create delays which can interrupt downloads and let them fail.

     

    I collected over time the following list of URLs, which I exclude from everything (HTTPS, Sandstorm and AV and Policy) in the web proxy:

     

    ^([A-Za-z0-9.-]*\.)?ytimg\.com\/

    ^([A-Za-z0-9.-]*\.)?gvt1\.com\/

    ^android\.clients\.google\.com\/

    ^play\.googleapis\.com\/

    ^([A-Za-z0-9.-]*\.)?googleapis\.com\/

    ^connectivitycheck\.gstatic\.com\/

    ^([A-Za-z0-9.-]*\.)?googleusercontent\.com\/

    ^([A-Za-z0-9.-]*\.)?ggpht\.com\/

    ^([A-Za-z0-9.-]*\.)?youtube\.com\/

    ^youtubei\.googleapis\.com\/

     

    Works fine for me. As I also have Sophos AV (SMSEC) installed on my Android phones, bypassing those sites from scanning will not hurt too much. If your phone is updating via mobile networks, you're also no better protected ;o)

     

    /Sascha
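
An added check, not part of the original thread: the script below runs the exclusion patterns from the post above against constructed sample URLs to confirm that only the intended hosts bypass scanning and that lookalike hostnames do not. It assumes the proxy matches each regex against the URL with the scheme removed, as the form of the patterns suggests; the helper names and every sample URL other than the gvt1.com hostname from the question are constructed.

```python
import re

# Exclusion patterns copied from the post above.
EXCLUSIONS = [
    r"^([A-Za-z0-9.-]*\.)?ytimg\.com\/",
    r"^([A-Za-z0-9.-]*\.)?gvt1\.com\/",
    r"^android\.clients\.google\.com\/",
    r"^play\.googleapis\.com\/",
    r"^([A-Za-z0-9.-]*\.)?googleapis\.com\/",
    r"^connectivitycheck\.gstatic\.com\/",
    r"^([A-Za-z0-9.-]*\.)?googleusercontent\.com\/",
    r"^([A-Za-z0-9.-]*\.)?ggpht\.com\/",
    r"^([A-Za-z0-9.-]*\.)?youtube\.com\/",
    r"^youtubei\.googleapis\.com\/",
]

# Constructed sample URLs, scheme stripped: (url, expected to bypass scanning)
CASES = [
    ("r3---sn-h0jeened.gvt1.com/edgedl/update.apk", True),
    ("gvt1.com/", True),
    ("play.googleapis.com/download", True),
    ("notgvt1.com/update.apk", False),           # suffix lookalike
    ("gvt1.com.example.net/update.apk", False),  # excluded name used as a prefix
    ("example.net/gvt1.com/update.apk", False),  # excluded name only in the path
    ("clients.google.com/", False),              # host that was never excluded
]

def matching(url, patterns=EXCLUSIONS):
    """Return every exclusion pattern that would exempt this URL from scanning."""
    return [p for p in patterns if re.search(p, url)]

def missed(patterns=EXCLUSIONS, cases=CASES):
    """URLs that should bypass scanning but match no pattern."""
    return [u for u, expected in cases if expected and not matching(u, patterns)]

def false_bypasses(patterns=EXCLUSIONS, cases=CASES):
    """URLs that should be scanned but match an exclusion anyway."""
    return [u for u, expected in cases if not expected and matching(u, patterns)]

if __name__ == "__main__":
    print("missed:", missed())
    print("false bypasses:", false_bypasses())
    # The wildcard googleapis.com entry already covers the two host-specific ones.
    print("play.googleapis.com matched by:", matching("play.googleapis.com/download"))
    # An unanchored pattern, for contrast, also exempts all three lookalikes.
    print("loose pattern bypasses:", false_bypasses([r"gvt1\.com"]))
```
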

     

  • manbearpig said:

    I would recreate everything, because it takes only a couple of minutes. Delete the Network, delete the AP, disable the Wireless Protection. Enable it and add the AP plus create the wireless network.

    Not so easy. We're using many hotspot vouchers and I'm not willing to risk that all vouchers are getting unusable.

    SaschaParis said:

    Google Play and some other on Android often used services don't play well with AV scanning or MITM of the proxy.

    In our case it's not limited to Google services. We're experiencing general Guest Wifi performance problems. Even if I download a Debian image. If we disable Scan HTTP and Web Policy the throughput is getting normal. As said, we're also using these two components in several other Network Rules, there are no problems with them at all, only in Separate Zone Wifi.

     

    I've just deployed a new AP and configured a new Wireless Network for it. Initially the Wireless Network has an MTU of 1500. After I've assigned it to the AP, the MTU is now 1450 again. :(

  • You will most likely lose all your vouchers. So better open a ticket with the support for some help.

  • manbearpig said:

    So better open a ticket with the support for some help. 

    Sadly Support says they can't change the MTU value.

     

    Since I've already configured a new Wireless Network on a new AP and it didn't work, who says it will work if we reconfigure everything from scratch? :-/

  • Do you have a support ticket id for  ? 

    I am just trying to help you with some hints.