Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 27 subscribers
  • Views 6209 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG 17.5 and Slow Downloads with Intrusion Prevention active

Björn Ebner

I do have the impression, that Downloads a slower with Sophos XG 17.5 than with previous Versions.

When I do a speedtest (my WAN Speed is 100/40) I only get about 40/30.

I tried Speedtest on Speedtest.net from a Cabled PC.

When performing the Speedtest the CPU gets to about 90 - 100 % mostly used by IPS (Snort)

I think that this wasn't like this before Sophos XG 17.5 in previous Versions.

When I disable Intrusion Prevention I do get normal speeds.

Any idea?

Update:

I tested it also with a Sophos XG 115 on 200/100 WAN with IPS activated but there I couldn't see this issue.



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Björn Ebner

    Hi Bjoern,

    I have some more things to look at.

    I tried changing my ISP setting to the default LAN to WAN and the change made no different to my 100/40 download. I did create my own IPS policy by removing all the signatures for not needed systems eg line, mail server, windows servers etc.

    What is the CPU on your XG?

    Please review the Reports -> Network and threats tab to see if there are any specific IPS rules that are being triggered?

    Other that I am running out of ideas and will need to have one of the more technical mods review your posts.

    Ian

  • 0 in reply to rfcat_vk

    With V17.5 we changed the IPS Pattern to Talos.

    https://community.sophos.com/kb/en-us/133197

    Can you check, whether they got installed or not? 

  • 0 in reply to rfcat_vk

    The Board is a Intel BLKD2500CCE with integrated Intel Atom D2500.

     

    Maybe it's a little bit outdated now. I had this hardware since I installed Sophos UTM first time at home and it served me well up to now.

     

     

    In Reporting I only see several OS-WINDOWS Microsoft Windows Hyperlink Buffer Overflow (POST) attacks. In this case the source is an iPhone.
    So nothing from the PC I do the Speedtest on.

    Update:

    Talos IPs Patterns are installed

  • 0 in reply to Björn Ebner

    Hi Bjoern,

    the chip is a little dated and only dual core. This will limit your performance when adding rules.

    When running a speediest what does the XG GUI show for load and memory use?

    Ian

  • 0 in reply to rfcat_vk

    Hi,

    when performing a speed test CPU is at about 90% (mostly snort) and RAM is round about 50%

    Bjoern

    Update:

    I upgraded to a Sophos XG 115 Rev2 now.

    Overall Performance seems to be much better.

    Only when activating IPS I don't get the full 100MBit Download in Speedtest.net

    Other Speedtests and Real Downloads are fine.

    Anyone with similar experience?