This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Poor IPSec VPN Throughput in One Direction

I have a site to site IPSec VPN tunnel between two Sophos XG firewalls. They had been fine, but recently throughput has become an issue.

Both sides have symmetrical 1Gb circuits. When testing with iPerf I am getting 250 Mb/s in one direction, but less than 3 Mb/s in the other direction. I am not sure what has changed to cause this performance issue.

Neither firewall shows any significant CPU load or other significant activity. The firewall rule is currently set to Log only between the two subnets.

This thread was automatically locked due to age.

Top Replies

rfcat_vk over 3 years ago +1

Hi, please heck you ips settings in the gui. What version of XG are you running? ian

Parents

0 rfcat_vk over 3 years ago

Hi,

please heck you ips settings in the gui. What version of XG are you running?

ian

XG115W - v19.5.1 mr-1 - Home

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel
0 Matthew Zacune over 3 years ago in reply to rfcat_vk

I am currently running 18.5.2 MR2. I just upgraded them a couple of days ago from the previous version to see if it would help with the performance issue.

This is what I have in the IPS Policies section:

However, the firewall rules in use for traffic across the VPN on these subnets only have logging enabled. There is not an IPS policy applied to the firewall rule.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Matthew Zacune over 3 years ago in reply to rfcat_vk

I am currently running 18.5.2 MR2. I just upgraded them a couple of days ago from the previous version to see if it would help with the performance issue.

This is what I have in the IPS Policies section:

However, the firewall rules in use for traffic across the VPN on these subnets only have logging enabled. There is not an IPS policy applied to the firewall rule.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 rfcat_vk over 3 years ago in reply to Matthew Zacune

You misunderstood me. Please review the gui -> ips spot see if it is enabled and blocking traffic?

ian

XG115W - v19.5.1 mr-1 - Home

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Matthew Zacune over 3 years ago in reply to rfcat_vk

I'm sorry. I am not sure where it is that you are referring to. Can you please clarify?

Thank you.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 3 years ago in reply to Matthew Zacune

Xg control panel lefthand side there is an IPS tab.

Ian

XG115W - v19.5.1 mr-1 - Home

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Matthew Zacune over 3 years ago in reply to rfcat_vk

Are you referring to this page?
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 3 years ago in reply to Matthew Zacune

Yes.

XG115W - v19.5.1 mr-1 - Home

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Poor IPSec VPN Throughput in One Direction

Top Replies

Submitted a Tech Support Case lately from the Support Portal?