Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 911 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG to Fortigate IPsec Speed Issues

wenit etan

I’ve been trying to troubleshoot IPsec tunnel speeds on a Sophos to Fortigate connection. From the Sophos end, sending data to the Fortigate end will use the full bandwidth. However, copying data from the Fortigate end to the https://19216801.onl/ Sophos end will only get around 10% of the full bandwidth.

I create test IPsec tunnels from that Sophos to a test Sophos in Azure and it got full bandwidth both ways. But creating a tunnel from the fortigate to the test Sophos in Azure gave the same speed issue when copying data from the fortigate side. The fortigate doesn’t have any packet inspection turned on, and when someone uses the forticlient (fortigate SSL vpn client) they don’t have the same transfer speed issues.

Any ideas?



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    we use a Fortinet - Sophos Connection for a few years now and had no problems.
    At Fortinet i have a VPN Tunnel with this setting and no speed issues to different locations (XGS2100 and XG125).

    Authentication with PSK and IKE v1 Main (ID protection)

    Phase 1

    AES256-SHA256
    DH 5,14
    Key lifetime 7800
    no local ID

    XAUTH Disabled

    Phase 2

    AES256-SHA256
    Enable Relay Detection
    Eanble PFS
    DH 5,14
    Key liefetime 3600

    You could try this settings.

    maybe the Sophos has problems with high encryption and CPU ..

Reply
  • 0

    Hi,

    we use a Fortinet - Sophos Connection for a few years now and had no problems.
    At Fortinet i have a VPN Tunnel with this setting and no speed issues to different locations (XGS2100 and XG125).

    Authentication with PSK and IKE v1 Main (ID protection)

    Phase 1

    AES256-SHA256
    DH 5,14
    Key lifetime 7800
    no local ID

    XAUTH Disabled

    Phase 2

    AES256-SHA256
    Enable Relay Detection
    Eanble PFS
    DH 5,14
    Key liefetime 3600

    You could try this settings.

    maybe the Sophos has problems with high encryption and CPU ..

Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?