Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 16 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 13760 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTP scan downgrade the Wifi speed from M to K bits with iOS device

ShunzeLee
Dear All,
Our client faced a issue on HTTP scan and Wifi.
When enable HTTP scan, it will downgrade the Wifi Speed to K bits with iOS device.
 
I have upgraded the AP firmware to 11.0.005, but it can not resolve the issue.
 
Only uncheck the HTTP scan make the speed to M bits again.
 
Malware and Content Scanning as following.
 

I have opened a case, but support team haven't contacted me yet...

Any suggestion?

XG Firmware: SFOS 17.1.2 MR-2
AP Firmware: 11.0.005
 
Shunze 


This thread was automatically locked due to age.
Parents
  • 0

    Hi Shunze,

    what does the advanced settings tab show? Also what do you see in the IPS DOS tab?

    Ian

  • 0 in reply to ShunzeLee

    Hi Shunze,

    I have my APs at the higher throughput setting. My experience with the AP55 and MAC and iPad is the take awhile to ramp up during downloads and do show very poor performance unless big file is moved.

    Om 2.4ghz most devices idle at 72mb/s where as on 5ghz the MACs idea at 24mb/s with the wider bandwidth channels. Previously they idled at 6mb/s.The iphones on the other hand connect at about 300mb/s and quickly ramp to over 600mb/s just checking mail.

    The w10 machines connects most of the time at over 300mb/s on a 5ghz SSID.

    I hope this helps a little bit, but for any further digging you will have to wait until a support mod checks in or the product support team ring back.

    Ian

  • 0 in reply to ShunzeLee

    I am having the _exact_ same issue. My configuration is identical with only two exceptions - I'm running AP100 and AP15 and do not have client isolation enabled.

     

    I've tried every permutation of settings (on/off) but cannot resolve it. I get decent to great 'download' speeds (i.e. server on LAN -> Wireless client), but absolutely horrendous (kb/s) 'upload' speeds (i.e. Wireless client -> Server on LAN). Does not seem to matter the protocol - can replicate with CIFS, SCP, HTTP and HTTPS.

    Does not matter the client - Asus AP (bridge mode); Dell / Windows 7480; New Macbook Pro; Macbook Air; iPhone; iPad; Surface Tablet ... they all exhibit the same behavior. 

    Please advise! Perhaps instructions on how to 'downrev' AP firmware to something more stable.

  • +1 in reply to Shane Painter

    Dear All,

    Sophos has identified the issue was a bug.

    The TSO should be off on ethtool.

    TSO: TCP segmenation offload.

    TSO is to offload TCP segmentation to NIC; CPU doesn't perform TCP segmentation anymore, to save CPU resource.

     

    But when create virtual Wifi NIC (Separate Mode), the value is on.

    That makes the issue happened.

    Workaround as following,

    Log on XG firewall SSH terminal using admin account. Once authenticated, you will be presented with the Sophos Firewall console menu.
    Go to 5. Device Management > 3. Advanced Shell, and run the following commands
    ethtool -K Rock_User tso off
    ethtool -K Rock_User5 tso off
    ethtool -K GuestAP tso off
    ethtool -K GuestAP5G tso off

     

    Shunze

  • 0 in reply to Jelle

    Sohpos knows the issue. but they didn't tell us which version of firmware will fix it.

    No word for Sophos...

  • 0 in reply to ShunzeLee

    Hi ShunzLee,

    I think I can see why my APs work "correctly" and some of the others don't. The failing setup appears to use virtual WIFI while mine are connected physically, if you understand what I mean?

    Ian

    Fixed spelling and word placement so sentences make sense.

  • 0 in reply to ShunzeLee

    I do not have Rock_User or Rock_User5 devices (I assume these are your Wireless SSIDs) ... Further, I do not have any devices named after my SSIDs;

    I have the following interfaces:


    - GuestAP (applied 'ethtool -K GuestAP tso off')

    - Port1 (LAN interface - did not touch)

    - Port2 (WAN interface - did not touch)

    - vxlan3 (applied 'ethtool -K vxlan3 tso off')

    - vxlan3.101 (applied 'ethtool -K vxlan3.101 tso off')

    - vxlan4 (applied 'ethtool -K vxlan4 tso off')

    - vxlan4.101 (applied 'ethtool -K vxlan4.101 tso off')

    - ipsec0 (assumed ipSec only interface - did not touch)

    - imq0 (appears to be for QoS - did not touch)

    After applying the command to what I assume are the appropriate interfaces, performance has actually gotten worse. The speedtest tool on my server now does not even register 'upload' speed. I've also confirmed file transfers behave the same, poorly then fail altogether.

    For now, I have attempted to reverse the commands above, and receive the following output:


    SFVH_SO01_SFOS 17.1.3 MR-3# ethtool -K GuestAP tso on
    Could not change any device features

    This suggests the initial command (ethtool -K GuestAP tso off') did nothing. The other vxlanX interfaces saw the 'tso on' command complete successfully. 


    Please advise. Thank you.

  • 0 in reply to rfcat_vk

    There is a "new" bug ID. Seems like it will be fixed in V17.5 MR1. (so basically next release). 

  • 0 in reply to LuCar Toni

    Is there a workaround in the mean time?

     

    The referenced posts call to ifconfig <wifi name> ... I've no interfaces that match my wifi ssid. Which is the correct device(s) - Can someone confirm please?

    When should we expect the next release?

  • 0 in reply to Shane Painter

    You should perform ifconfig. 

    Check all Interfaces - Separate Zone should create an own interface. https://linux.die.net/man/8/ifconfig

    Something beside your Port/eth interfaces. 

Reply Children
No Data