
accessing internal application server over slow link

When remote users access an application server behind our XG firewall over a high-latency connection to our site, they get an error. I can repro this issue when I'm on a cellular network. But when I'm on a Wi-Fi connection (I'm in the same city as the XG Firewall), I don't have any issues.

Anyone have any tips? The application server software vendor said it's out of their control. Of course.



This thread was automatically locked due to age.
  • Can you map a network chart for my visibility? Seems like a network issue.

  • Yesterday I had to re-install our pfSense router so people could access the application server. I was tired of trying to fine-tune our fancy new XG box on a Saturday. The pfSense router is identical hardware, Supermicro Intel 2758 quad core. We have a 2 core 4GB RAM XG SW/Virtual appliance license. As soon as the pfSense box was active, the problem was solved. The only thing I can think of is that pfSense utilizes all CPU cores and RAM, which are double what XG utilizes due to the SW license we have.

    I'm at a loss. Why would pfSense allow slow connections to access the application server w/out timing out while the XG box would not?

    All IPS, application and web filtering on the DNAT rule is disabled.

  • Actually we are doing the same as pfSense. Simple DNAT with Conntrack. So this should not be a hardware issue or something like that. 

    Is this connection UDP or TCP? 

  • TCP.

    The application server also accesses other external servers that the sw vendor hosts. So, a remote client connects to our application server and portions of the download they are attempting originate from our LAN and portions also originate from externally hosted servers.

    So, the application server is a proxy for a portion of the data that's downloaded by the client.

    Regardless, pfSense has no issues.

    XG terminates downloads when accessed over high latency connections but does fine with other low latency connections.

  • This is impossible to troubleshoot. You should perform a tcpdump and look at the packet level to find the root cause of this behavior. 

  • When we purchased the Sophos system, we also included "Professional Services (Central) - 5 hour Remote Assistance" but I cannot figure out how to use this support option. Can you kindly explain how I can get a Support Technician to connect to a screen sharing session to help me troubleshoot?

  • Hello Dan,

    Thank you for contacting the Sophos Community!

    Could you please provide me with any Case ID you have with us or your Account Name, so I can look for you and direct you to your Account Manager, so he can arrange your Professional Services hours!

    Regards,