Dear Sophos Community,
we have experienced the following at a customer:
Site A
XGS2100 Cluster SFOS 19.0.0 GA-Build317
Site B
XGS116 Cluster SFOS 19.0.0 GA-Build317
Connection via "point to point" glasfiber Provider Switch, Copper Uplink Module on Port 5 respectivly, 1Gbit/s symmetrical
IP Configuration
WAN Zone 172.31.255.0/24 (Site A has the IP .2; Site B has the IP .3, as Gateway we set the respective other appliance. Only Site A hast real WAN Uplink, Port 5 was put as backup manually on both appliances)
Site-to-site VPN, to make sure, that ISP cannot track the traffic between Sites, as it contains very sensitive Data
Connection Type Tunnel Interface (Phase 1
Site A having 10.10.10.1/30
Site B having 10.10.10.2/30
Routing via OSPF
Throughput of both Devices should be sufficiant (Both Phases with AES256 and SHA256 and DH14 group) Tunnel itself seems stable
Now the curious part: Site A to Site B seems to work fine, however, Site B to Site A the Uplink from Site B seems to be limited to 10MBit/s sharp; Search pointed me towards Traffic shaping settings, these where changed to maximum values, however, did not make any difference.
Question: Is there anything I am overlooking, shouldnt the appliance be able to use somewhat near 1GBit/s minus IPsec overhead and encryption/decryption-delays? Why is the Limitation asymmetric, does it have to do with the XGS116 Cluster?
IPS and other load-specific processes are not yet in use, no QoS is active. Provider Checked the Ports of his Switch, no limitations there.
This thread was automatically locked due to age.
