Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 25500 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

My bandwidth decreases significantly when I try to use Sophos XG versus Sophos UTM.

JohnDoe2

I have both my sophos UTM and Sophos XG setup as virtual machines on the same host with identical resource allotments (8vCPUs/8GB of ram). When I'm using the Sophos 9.X UTM everything is fine I am able to achieve my ISP speeds (50/10) without any trouble. If I cut over to the XG and use that I see below 10 on both down/up speeds. There doesn't appear to be a difference if I have IPS on or off, web filter on or off.

This is being used on the home license so I know that there is a limitation on the XG of 4 vCPUs/6GB but I gave it more just to see what happens and while I can see the counts within XG i'm guessing it isn't actually using all of that.

Is there something else I am missing?



This thread was automatically locked due to age.
Parents
  • 0
    I am also experiencing this same issue, which is very disheartening considering the features of the XG Firewall. In production, I have Sophos UTM 9.3 with no issues bringing down 60Mbps. I have installed Sophos XG on similar hardware, and it can't even do 3 Mbps with 1 firewall rule, no IPS or app/web filters.

    I figured it could be the mainboard NIC, so I installed two PCI-E Intel® 82574L controllers - same deal. It seems as though Sophos XG is missing a ton of drivers... everything links up at 1000Mbps/Auto/Full-Duplex, but the performance is crud. CPU and Memory is fine (though Load calcs are confusing...). It is imperative that Sophos XG supports 802.11Q vlans on Intel® 82574L.

    I have tried changing NAT policies, QoS, DSCP marking, rules with no web/app/malware filters, rules with everything set - makes no difference.

    It is a simple HP Compaq DC7900: (better hardware than the UTM 9.3)
    CPU family Intel Core 2 Duo
    CPU nominal frequency 3.16GHz
    Processor socket LGA 775
    8 GB RAM
    2 x Intel® 82574L PCI-E
    80 GB HDD
    Same problem using mainboard NIC.

    Anyone else having issues? I have not run it in a VM - but if it can't support specific NIC hardware, the VM-allocated on top might experience the same fate. Might be worth changing the type of hardware for the VM NIC.

    Was hoping that a new release of Sophos XG would address these -assumably- driver/hardware issues... but there's no news on when we can expect an update.
  • 0 in reply to CChamp
    The VM might have a significant performance boost. If the host OS has a proper driver, and XG detects this and uses a paravirtualized NIC driver, this might bring the cure for now.

    I just bought a Zotac CI323 will try the XG firewall on it directly
    Currently I am running UTM9 in a Hyper-V VM with only 2 vCPUs and get easily 100 MBps with IPS and ATP on (no webfilter though).
Reply
  • 0 in reply to CChamp
    The VM might have a significant performance boost. If the host OS has a proper driver, and XG detects this and uses a paravirtualized NIC driver, this might bring the cure for now.

    I just bought a Zotac CI323 will try the XG firewall on it directly
    Currently I am running UTM9 in a Hyper-V VM with only 2 vCPUs and get easily 100 MBps with IPS and ATP on (no webfilter though).
Children