XG Firewall on Hyper-V 2019 - Network Performance Issues

Hello,

Yesterday I tried moving an XG Firewall Virtual Machine (Hyper-V) from Server 2016 to Server 2019 and I noticed a network performance decrease right away. 

I can't tell if the problem is caused by both the LAN and WAN interfaces, but at least, after switching, when doing a speed test, the XG Firewall reports a speed of ~2Mbps on a connection that should be ~130Mbps in normal conditions. 

Another thread mentions this for UTM:  https://community.sophos.com/utm-firewall/f/general-discussion/117369/sophos-utm-9-7-poor-bandwith

Any thoughts or suggestions to try before moving back to Server 2016 again?

Thanks!



This thread was automatically locked due to age.
  • Update. I found the issue. Nothing related to Server 2019. Yesterday I started experimenting with the Intrusion Prevention -> Enabling TCP and SYN flood DoS prevention, and with the default values, it was killing my WAN access.  I have to read what's the best way to configure those.

  • FormerMember
    0 FormerMember in reply to cm00001

    Hi ,

    Thank you for reaching out to Sophos Community.

    Glad to know that you've identified an issue.

    Configuring TCP flood is not recommended, as most internet services are accessible through the TCP protocol. If you'd like to configure TCP flood, then you may need to monitor the total packet count (per minute) transmitted by end machines and then configure the packet rate accordingly on XG.

    Click here to find more information on "How to prevent DoS and DDoS attacks"

    You may also apply IPS policies on firewall rules which look for activity attempting to exploit vulnerabilities in the network.

    Click here to find more information on "IPS policies".
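
The per-minute baseline described in the reply above, as an added example (not part of the thread and not Sophos code): it counts TCP and SYN packets per LAN source per minute from `tcpdump -tt -n tcp` text output and derives a packet-rate value with headroom. The sample capture, the `192.168.1.0/24` LAN range and the 2x headroom factor are assumptions.

```python
import ipaddress
import math
import re
from collections import Counter

# Constructed sample in `tcpdump -tt -n tcp` text format (not from a real network).
SAMPLE = """\
1700000040.100000 IP 192.168.1.10.51514 > 203.0.113.5.443: Flags [S], seq 1, win 64240, length 0
1700000040.150000 IP 203.0.113.5.443 > 192.168.1.10.51514: Flags [S.], seq 9, ack 2, win 65535, length 0
1700000040.160000 IP 192.168.1.10.51514 > 203.0.113.5.443: Flags [.], ack 10, win 502, length 0
1700000041.200000 IP 192.168.1.10.51514 > 203.0.113.5.443: Flags [P.], seq 2:519, ack 10, win 502, length 517
1700000045.000000 IP 192.168.1.20.40000 > 198.51.100.7.80: Flags [S], seq 5, win 64240, length 0
1700000101.000000 IP 192.168.1.10.51520 > 203.0.113.5.443: Flags [S], seq 7, win 64240, length 0
1700000102.000000 IP 192.168.1.10.51520 > 203.0.113.5.443: Flags [.], ack 3, win 502, length 0
"""

# epoch seconds, source IPv4 (port stripped), TCP flags
LINE = re.compile(r"^(\d+)\.\d+ IP (\d+\.\d+\.\d+\.\d+)\.\d+ > \S+ Flags \[([^\]]*)\]")

def per_minute_counts(text, lan="192.168.1.0/24"):
    """Return (tcp, syn) Counters keyed by (source_ip, epoch_minute) for LAN sources."""
    net = ipaddress.ip_network(lan)  # assumed LAN range
    tcp, syn = Counter(), Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, flags = int(m.group(1)), m.group(2), m.group(3)
        if ipaddress.ip_address(src) not in net:
            continue  # only packets transmitted by end machines
        key = (src, ts // 60)
        tcp[key] += 1
        if "S" in flags and "." not in flags:  # SYN without ACK
            syn[key] += 1
    return tcp, syn

def suggested_rate(counts, headroom=2.0):
    """Busiest per-source minute times an assumed headroom factor (packets/min)."""
    peaks = Counter()
    for (src, _minute), n in counts.items():
        peaks[src] = max(peaks[src], n)
    return math.ceil(max(peaks.values(), default=0) * headroom)

if __name__ == "__main__":
    tcp, syn = per_minute_counts(SAMPLE)
    print("TCP packets/min per source to allow:", suggested_rate(tcp))
    print("SYN packets/min per source to allow:", suggested_rate(syn))
```

Run it over a capture that covers normal peak usage, since a baseline taken during a quiet period yields a rate that drops legitimate traffic.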