I would like to request an RMA on the above purchase order with TD SYNNEX for the following reasons:
After installing and running several tests with the Sophos XG firmware version 19, I was not able to get the performance (internet bandwidth mainly) that is expected when applying IPS.
I contacted Sophos support several weeks ago and my case was escalated and assigned to Greg Murray (Sophos Case 05306199).
Greg has summarized the findings in his email (see below).
The bottom line is that the limitation of the license purchased, which limits the use of 1 CPU core, is not suitable for providing Demos to my clients.
We found out that it would be more beneficial to use an evaluation license for my DEMOS which does not have this limitation.
The reason behind purchasing these NFR licenses was to use them for demos but as you can see per Sophos Support findings, I would be better off using an evaluation license.
From: Sophos Support <support@sophos.com>
Sent: Wednesday, July 27, 2022 12:07 PM
To: riad@xentrion.com
Subject: RE: 05306199 / Slow internet speed / ref:_00D301GN6a._5003Z1PSMkl:ref
Hi Riad,
As discussed here is the summary of the Case (05306199) and our findings:
Based on our testing it appears the Speed/Throughput issue is a hardware/license sizing issue. When the Appliance is limited to 1 CPU core we see IPS max out when downloading files. But when we switch to an Eval/Trial license (allowing the appliance to use all 4 CPU cores) the IPS service does not max out the CPU and allows the traffic to work as expected with IPS enabled.
J1900 appliance with SFOS License - 1CPU Core and 4GB RAM:
- Ran Speedtest with IPS disabled, confirmed the throughput was roughly 500mbps Down and 700mbps Up
- With IPS on (set to default "LAN to WAN" Policy in the Firewall rule):
  - When using the Speedtest Windows Application we get roughly 100mbps Down and 100mbps Up
    * While this is happening we found the snort process using roughly 90% CPU
  - When using the Speedtest Site we get the same speeds with IPS disabled (500mbps Down and 700mbps Up)
    * snort CPU usage never went above 10%
  ** The difference is most likely due to the App handling the traffic differently which triggers more IPS action (firewall treats it like DOS traffic)
- Tested with real-world download test, using Steam to download a large file/program:
  - With IPS on it maxes out at 30MBPS (250mbps), but IPS process is maxing out on the CPU
  - When IPS was disabled it increased to 70-75MBPS (600+mbps)
- The core issue may be a limitation of the hardware
  ** The J1900 appliance has 4 CPU cores, but the license is limiting it to only 1
J1900 appliance using Eval Trial allowing it to use all 4 CPU cores:
** We also saw an improvement in performance using 18.5.4 instead of 19.0.0 (but no difference when 1CPU core + IPS is enabled)
- Updated the license to be an Eval/Trial (so it would use all 4 CPU Cores)
- When IPS is enabled we see an increase in performance:
  - Speed test is measuring roughly 750 Up & Down with IPS enabled
  - No longer maxing out CPU (using max 200% of the available 400%)
  - Downloading a large file in Steam we see the average download speed is around 50-55 MB/s
Recommended Riad reach out to his AM/Sales contact for further assistance with this issue as the license appears to be undersized for the J1900 hardware appliance.
Regards,
Greg Murray