Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 27 subscribers
  • Views 1825 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG: ISP 20 Mbps, users getting no more than 10 Mbps - no IPS, policies, or checks

Arie

Problem:

  • ISP provides 20 Mbps
  • Speed test on XG shows download at 20+ Mbps
  • Clients hover between 7-10 Mbps - never over ~10 Mbps.

Troubleshooting steps:

  1. Rules: Created plain rule with no checks enabled, no traffic shaping. Verified in Policy Test that this rule is used.
  2. Traffic shaping (QoS) settings - Set Total available WAN bandwidth to max (2560000).
  3. Traffic shaping (QoS) settings - Disabled "Enforce guaranteed bandwidth"
  4. Traffic Shaping - Created max throughput shaping rule and applied to the plain rule.
  5. Services - Disabled AV service
  6. Services - Disabled IPS service
  7. Client-side bandwidth  - never exceeds ~10 Mbps
  8. XG CLI: Performed download test (100 MB file) on the XG device: gets the maximum of 20+ Mbps
  9. Metrics: CPU <25% during download tests.
  10. Metrics: RAM usage ~35% (2.5 GB), free ~3.5 GB)
  11. Console bandwidth monitor shows the same bandwidth on WAN and LAN interfaces.
  12. Rebooted XG

Rules:

  • For troubleshooting, only one rule - any-any. No checks, shaping, etc.

Shaping

  • Default set the highest possible value.

OS:

  • Sophos Home 18.0.5 MR-5-Build586

Hardware:

  • Protectli Vault 4 Port, Firewall Micro Appliance/Mini PC - Intel Quad Core, AES-NI, 8GB RAM, 120GB mSATA SSD
  • 4x Intel i210 Gigabit Ethernet ports



This thread was automatically locked due to age.
  • 0 in reply to rfcat_vk

    Those are good suggestions. I'm using a pair of Sophos AP 110C access points in a mesh, but your reply made me realize I never tried eliminating that from the test configuration.

    I'll try that as soon as possible and report back.

  • 0 in reply to Arie

    New test: connected a client directly to the LAN port. Speeds were a little below 20 Mbps, but not much.

    Looks like the problem lies in the Sophos AP mesh or the (unmanaged) switch between the main AP and XG.

    I'll get to the bottom of that once I have a faster connection from my ISP. Could be months or even years...