This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

accessing internal application server over slow link

When remote users access an application server behind our XG firewall over a high latency connection to our site, they get an error. I can repro. this issue when I'm on a cellular network. But, when I'm in a Wifi connection (I'm in same city as XG Firewall) I don't have any issues.

Anyone have any tips? The application server software vendor said it's out of their control. Of course.

This thread was automatically locked due to age.

Parents

0 LuCar Toni over 4 years ago

Can you map a network chart for me visibility? Seems like a network issue.
Cancel
Vote Up 0 Vote Down

Cancel
0 dan becker over 4 years ago in reply to LuCar Toni

Yesterday I had to re-install our pfSense router so people could access the application server. I was tired of trying to fine tune our fancy new XG box on a Saturday. The pfSense router is identical hardware, Supermicro intel 2758 quad core. We have a 2 core 4GB RAM XG SW/Virtual appliance license. As soon as the pfSense box was active, the problem was solved. The only thing I can think of is that pfSense utilizes all CPU cores and RAM which are double of what XG utilizes due to the SW license we have.

I'm at a loss. Why would pfSense allow slow connections to access the application server w/out timing out while the XG box would not?

All IPS, application and web filtering on the DNAT rule is disabled.
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 4 years ago in reply to dan becker

Actually we are doing the same as pfSense. Simple DNAT with Conntrack. So this should not be a hardware issue or something like that.

Is this connection UDP or TCP?
Cancel
Vote Up 0 Vote Down

Cancel
0 dan becker over 4 years ago in reply to LuCar Toni

TCP.

The application server also access other external servers that the sw vendor hosts. So, a remote client connects to our application server and portions of the download they are attempting originate from our LAN and portions also originate from externally hosted servers.

So, the application server is a proxy for a portion of the data that's downloaded by the client.

Regardless, pfSense has no issues,

XG terminates downloads when accessed over high latency connections but does fine with other low latency connections.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 dan becker over 4 years ago in reply to LuCar Toni

TCP.

The application server also access other external servers that the sw vendor hosts. So, a remote client connects to our application server and portions of the download they are attempting originate from our LAN and portions also originate from externally hosted servers.

So, the application server is a proxy for a portion of the data that's downloaded by the client.

Regardless, pfSense has no issues,

XG terminates downloads when accessed over high latency connections but does fine with other low latency connections.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 LuCar Toni over 4 years ago in reply to dan becker

This is impossible to troubleshoot. You should perform a tcpdump and look at the packet level to find the root cause of this behavior.
Cancel
Vote Up 0 Vote Down

Cancel
0 dan becker over 4 years ago in reply to LuCar Toni

when we purchased the Sophos system, we also included "Professional Services (Central) - 5
hour Remote Assistance" but I cannot figure out how to use this support option. Can you kindly explain how i can get a Support Technician to connect to a screen sharing session to help me troubleshoot?
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 4 years ago in reply to dan becker

Hello Dan,

Thank you for contacting the Sophos Community!

Could you please provide me with any Case Id you have with us or your Account Name, so I can look for you and direct to your Account Manager, so he can arrange your Professional Services hours!

Regards,
Cancel
Vote Up 0 Vote Down

Cancel