Extremely high latency on incoming WAN connections (XG Home)

Hi all,

I have been having an absolutely miserable time trying to connect from the WAN side of the firewall to the firewall or to the LAN. When trying to connect to anything on the other side of the FW, there is a 90% chance it will time out due to extreme latency issues.

My setup is the software version of XG with a home license. When hosts in the WAN try to ping the WAN interface of the firewall or anything in the LAN, the pings get through, however the latency is anywhere between 200ms and 2000ms constantly. When devices in the LAN side ping the LAN interface, there is virtually no latency and no problems. In addition, when I ping the WAN gateway from the firewall, I am seeing between 100ms and 1000ms of latency.

I have followed step 4 in the following guide, however I cannot see any issues on the interface and auto negotiate is working as expected.

https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/79041/troubleshooting-guide-for-xg

In addition, I have attached a PC in the place of the firewall, and when that is pinged, there is a constant latency of about 8-15ms.

I have ping enabled for the WAN interface of the firewall, as well as a temporary accept any any firewall rule with only NAT as a feature.

Does anyone have any idea what may be causing the latency issues experienced?

Kind regards



  • Hi Oliver,

    Mine takes about 5 minutes before it is usable on a 100/40, took just as long on the 50/20, then the 5 GHz SSIDs take another 5 minutes. Supposed to have been fixed a release or two ago.

    If you have an internal DNS which the XG points at, that will slow things down as the XG DNS updates even if you are using IP. XG does not multi-task well when updating.

    Ian

  • Hi Ian,

    I think you are spot on the money with the internal DNS server.

    What I believe is happening is the firewall is requesting DNS resolutions from my internal DNS server which is in turn trying to forward the request to the external server.

    However the connection from the internal DNS outbound is so poor due to the dodgy connection it is just compounding, especially if the DNS requests are timing out at less than 2 seconds.

    With your advice, I have changed the DNS server on the firewall to an external one. I will make sure I time the unreliability next time I am required to reboot.

    The inability to multitask seems to be a massive drawback to a product I am otherwise enjoying quite thoroughly.

    I am hoping Sophos releases a patch soon that will perform the updates in a less gluttonous, more resource sensible way.

    Kind regards,

    Oliver