We are currently deploying an XGS116 running FW SFOS 18.5.1 MR-1-Build326 . We noticed that the IPS feature is causing a severe delay of 3-5 seconds when opening websites. Interestingly enough this delay is also happening when NO IPS policy is applied to the rule. The only way to fix the issue is by shutting down the IPS service. Sophos Support was thus far unable to solve the problem. Anyone has any idea or can reproduce this error on their XGS116? In order to replicate the error do the following: For testing always use a browser window in incognito mode. Open any website and measure the time to first byte in Chrome console -> Network (see here: http://b3.ms/avz9E8VEbMWp ) Disable IPS by going to System Services -> Services in Sophos Config and click "Stop" in the IPS service row Make sure your browser cache is emptied by opening a new incognito window. Measure the time to first byte again, as shown here: http://b3.ms/Oq5nRlJXG90w ) Also, you can double check if an IPS rule is applied to a policy under firewall rules: http://b3.ms/Kav9kRv5bMPX If this is set to None IPS should not be causing any interference but it does for us. Any ideas how to mitigate this are highly appreciated. Thanks

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XGS116 IPS causes severe delay when opening websites

We are currently deploying an XGS116 running FWSFOS 18.5.1 MR-1-Build326. We noticed that the IPS feature is causing a severe delay of 3-5 seconds when opening websites. Interestingly enough this delay is also happening when NO IPS policy is applied to the rule. The only way to fix the issue is by shutting down the IPS service. Sophos Support was thus far unable to solve the problem. Anyone has any idea or can reproduce this error on their XGS116?

In order to replicate the error do the following:

For testing always use a browser window in incognito mode. Open any website and measure the time to first byte in Chrome console -> Network (see here: http://b3.ms/avz9E8VEbMWp)
Disable IPS by going to System Services -> Services in Sophos Config and click "Stop" in the IPS service row
Make sure your browser cache is emptied by opening a new incognito window. Measure the time to first byte again, as shown here: http://b3.ms/Oq5nRlJXG90w )
Also, you can double check if an IPS rule is applied to a policy under firewall rules: http://b3.ms/Kav9kRv5bMPX If this is set to None IPS should not be causing any interference but it does for us.

Any ideas how to mitigate this are highly appreciated.

Thanks

This thread was automatically locked due to age.

Parents

0 rfcat_vk over 3 years ago

Hi,

please check your DNS settings on the user device and the XG.

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 Daniel Klose over 3 years ago in reply to rfcat_vk

Hi Ian,

the FW runs in bridge mode. DNS is passed through by the router.

My client receives the router IP as DNS which is correct.

FW

cat /etc/resolv.conf

shows

nameserver 127.0.0.1

GUI shows router + local http://b3.ms/a3w9NXl4znVK

FYI changing the DNS in client and FW to 1.1.1.1 (cloudflare) doesnt change a thing.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Daniel Klose over 3 years ago in reply to rfcat_vk

Hi Ian,

the FW runs in bridge mode. DNS is passed through by the router.

My client receives the router IP as DNS which is correct.

FW

cat /etc/resolv.conf

shows

nameserver 127.0.0.1

GUI shows router + local http://b3.ms/a3w9NXl4znVK

FYI changing the DNS in client and FW to 1.1.1.1 (cloudflare) doesnt change a thing.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data