This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Slow internet using SOPHOS XG115w (SFOS 17.5.0 GA)

Felix Mbwillo over 6 years ago

Before we were not using SOPHOS, the internet was not passing through SOPHOS and it was very faster.

But after install SOPHOS now internet is too much slow. So i don't know what is the issue..?

And if i tried to Disconnect SOPHOS and use direct internet its becoming faster again...!

Please i just need your help, if any one knows the solution,will appreciate..!

This thread was automatically locked due to age.

Parents

0 Kingsley Mok over 6 years ago

I have Shaw Cable Internet 600mpbs down 20mpbs up.

For my appliance, I use a Dell Optiplex 7010, i5 Core with 8 GB RAM and 250GB SSD, with 2 x 1 GBps NICs (1 onboard and 1 PCIE). Plenty of horse power for a firewall for home use with Enterprise qualities.

I downloaded and installed the SFOS 17.5.3 MR-3

I had similar issue with the symptom where my Internet online speed went from 600 mbps down to a terrible 50 mbps. I've rebooted the Sophos XG firewall and no go. So I started to troubleshoot.

Here are the settings that I have found I know WORKS:

1.) Network > WAN > Advanced > Interface Speed, I had to change mine from 100 Mbps Half to 1000 Mbps Full

2.) Firewall > firewall rule (#default)

- enable Scan HTTP

- Traffic Shaping = High Guarantee Rule

- Web Policy = Family Web Policies (custom web content filtering policy)

- Application Control = Allow All

Notice I skipped Intrusion Prevention? After much tinkering and troubleshooting, I found that IPS is the CAUSE of the problem.

Set the IPS to WAN TO LAN is better and makes logical sense...because you are protecting your internal network from the outside. Does not make sense to choose LAN TO WAN policy.

When IPS is enabled initially, it is okay.. but after a day or two, my Internet speed went from 600 to 50. Again. Rebooting the firewall did not resolve the issue. I had to set the IPS to none, then save, and the speed was back to normal. Something is definitely wrong with the IPS.

Either keep recycling that IPS setting on a daily base...which is stupid, OR, disable it completely... which is stupid as well... I mean, IPS is there to block intrusion attempts. Right? What a pickle this is.

Also, what I found can cause the problem, if you had specified Traffic Shaping on the Default rule, do not specify that same traffic shaping rule on the other fw rule, that will really slow it down which I found out.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 6 years ago in reply to Kingsley Mok

Hi,

your logic is sound, but wrong, you need to be using the LAN to WAN IPS.

You will need to tun e the PS DOS settings

What the large values in the detected column are i don't know because I have been playing with a number of applications that are not network friendly.

I have also changed the values in some of the protocols.

Since I took that screen shot I have disabled the destinations except for the icmp/6 fields.

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 Kingsley Mok over 6 years ago in reply to rfcat_vk

Hello Ian,

I chose WAN TO LAN because the description describes my scenario for my virtual lab. LAN TO WAN are for lan-based clients which are not applicable to me for my lab.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Kingsley Mok over 6 years ago in reply to rfcat_vk

Hello Ian,

I chose WAN TO LAN because the description describes my scenario for my virtual lab. LAN TO WAN are for lan-based clients which are not applicable to me for my lab.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 rfcat_vk over 6 years ago in reply to Kingsley Mok

Hi,

answered the original posters questions.

There is another thread with the same issues, you might care to search because one of the more experienced forum members has posted some suggestions to overcome the issue.

community.sophos.com/.../ips-blocking-legit-traffic-speedtest-net-ips-impacting-performance-even-if-ips-is-not-enable-in-the-rule

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 Kingsley Mok over 6 years ago in reply to rfcat_vk

I am getting full speed after some tweaks here and there and learned what not to do for those rules. I will be monitoring this.

Interesting. The link you provided suggested to have to go through the console route and manually run the command to disable the anomaly feature. I will check that out tonight when I get home and monitor the results. Thanks.
Cancel
Vote Up 0 Vote Down

Cancel
0 Mohamed Elgnayni over 6 years ago in reply to Kingsley Mok

Hi Kingsley,

I am facing the same issue as yours on my device, If I applied any web policy rule the browsing is too slow and takes like forevever to load a simple page (google for example). When I remove web policy rule, browsing performance is back to normal. Would you please elaborate our solution?

Regards,
Cancel
Vote Up 0 Vote Down

Cancel
0 Kingsley Mok over 6 years ago in reply to Mohamed Elgnayni

Mohammed,

Everyone will be slightly different. But all my notes and examples are in the above posts. Check those settings. Also, check out one of the posts above that refers to https://community.sophos.com/kb/en-us/133096. This

Here is what I suggest:

1.) start with default setup, don't turn all of them on at once.

2.) test with online speed test. Are they matching up with your Internet package?

3.) Slowly modify rule one at a time and turn on one feature at a time and test online speed again.

4.) you do not need to enable AV, Web, and IPS on every FW rule. It is overkill. You only need to enable it on the rule where all traffic goes through that funnel/gateway.

Once you get all those sorted out, now you can start doing MAC filtering and Scheduling. Then create fw rule to reject traffic based on games's URL and using the MAC filtering and scheduling to control your kid's gaming habits.
Cancel
Vote Up 0 Vote Down

Cancel