
Sophos XG - How to determine performance bottlenecks

Hi,

When using Sophos XG (HW appliance or virtual machines): How can I determine that my machine is not in performance trouble?

Is there any guideline? When the CPU goes over a threshold? Or disk usage? Or or or?

Any checklist to walk through?



  • Hi, sorry for the delayed return to that thread.

    When I create an alert profile, I need to know which thresholds I will configure.

    And there I am back at my problems.

    What causes a system to become a bottleneck (and foremost why)?

     

    Best Gernot

  • No one can really know your network but you. Is there a time you can have minimal usage and monitor the bandwidth, CPU usage, etc.?

    Baselines-

    If there is, what I would do is watch with nothing going on and get an idea of a baseline (what resources are being used with most systems idling), then transfer some large files, or upload some to a cloud share and then download them, and again check the usage to better understand how much is used with what you are doing.

    Remember, testing can be creative. Do you have a DMZ? If so, have the DMZ computer download a file while you are transferring a file from that computer to your LAN or vice versa, maybe while some other computers are streaming YouTube, to get an idea of what traffic would be like from your WAN to LAN when you have multiple users working. Then multiply the results by how many actual users you have. For example, when I test I typically have 5 computers streaming YouTube and a couple of file transfers/downloads going on. If this raises my CPU by 1%, then I know that I could multiply that by 10 to get 10%.

    5 YouTubers + 2 downloads = 1%

    1% * 10 = 10%, or 50 YouTubers + 20 downloaders

    It is important to note that this is rough math, however. Actually, more users in real time might get me to 13% instead of 10%, depending on what the unique systems are actually doing, but 3% to 5%, depending on how much you are multiplying it by, is a good adjuster to be safe. In other words, for every 10% you may want to also add a few percent just to cover yourself until you get a better understanding from your baseline, tests and actual network monitoring.

    For more on baseline: https://www.garlandtechnology.com/blog/protect-your-network-know-your-baseline-traffic

    As for Alerts-

    Once you understand your baseline you can understand what would constitute an alert, albeit there are some obvious ones, i.e. CPU usage at 85% or higher. Some might say 80%, some might say 90%; again, it depends on your hardware model and what you may or may not be stuck with.

    For example, I bought one model higher than what I thought I needed in case of growth, so my baseline should really never go above 70%.  

    Now onto bottlenecks-

    Bottlenecks are tricky and may not always be the firewall. They can include your ISP, cabling, switches, routers, servers and PCs (with PCs it is often the NIC or the count of PCs on one particular aspect, be it the switch or the interface on the firewall, but again that can involve the PC count against the model of your firewall and its capability or throughput).

    One easy way to break down or find bottlenecks is testing different areas of your network, basically point A to point B: did the speed look right, were there any other issues? If not, you probably don't have one there and you can move on to test another area. (Think of different areas on the whole path, meaning what switch is this using, are the devices on different subnets, is this LAN to LAN or DMZ to LAN or LAN to DMZ or WAN to LAN or LAN to WAN to DMZ to WAN or WAN to DMZ?)

    But there is a lot more to consider in bottlenecks, because they can depend on what your setup is, and typically that can vary from network to network.

    Bottlenecks: www.garlandtechnology.com/.../protect-your-network-know-your-baseline-traffic
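The baseline-and-multiply estimate from the reply above, as an added example that is not part of the original thread: it scales one measured load test to a target client count, adds the "few percent per 10%" adjuster, and reports how many clients fit under a CPU alert threshold. The function names and sample readings are constructed for illustration; the 3-points-per-10 adjuster is the low end of the post's 3% to 5% range, 85% is the post's example threshold, and counting every test client as equal load is an assumption.

```python
from statistics import mean


def _load_delta(idle_samples, test_samples):
    """Return (baseline, delta): idle CPU % and the extra CPU % the test workload cost."""
    baseline = mean(idle_samples)
    delta = mean(test_samples) - baseline
    if delta <= 0:
        # Edge case: the test was too light to register above idle noise,
        # so any extrapolation from it would be meaningless.
        raise ValueError("test load not measurable above baseline; run a heavier test")
    return baseline, delta


def estimate_cpu(idle_samples, test_samples, test_clients, target_clients,
                 margin_per_10=3.0):
    """Project CPU % at target_clients from an idle baseline and one load test.

    margin_per_10 is the safety adjuster: extra points per 10 points of
    projected load (assumed 3; the post suggests 3 to 5).
    """
    baseline, delta = _load_delta(idle_samples, test_samples)
    projected = delta * (target_clients / test_clients)
    return baseline + projected * (1 + margin_per_10 / 10.0)


def max_clients_before_alert(idle_samples, test_samples, test_clients,
                             alert_pct=85.0, margin_per_10=3.0):
    """Largest client count whose projected CPU stays at or below alert_pct."""
    baseline, delta = _load_delta(idle_samples, test_samples)
    per_client = (delta / test_clients) * (1 + margin_per_10 / 10.0)
    return int((alert_pct - baseline) / per_client)


if __name__ == "__main__":
    idle = [4.0, 5.0, 6.0]   # constructed readings: CPU % with the network idle
    test = [6.0, 6.0, 6.0]   # constructed readings: 5 streams + 2 downloads running
    print(estimate_cpu(idle, test, test_clients=7, target_clients=70))
    print(max_clients_before_alert(idle, test, test_clients=7))
```

Feed it CPU readings taken during your own quiet period and load test; the result is only as good as how closely the test traffic resembles real use.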