Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 25495 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

My bandwidth decreases significantly when I try to use Sophos XG versus Sophos UTM.

JohnDoe2

I have both my sophos UTM and Sophos XG setup as virtual machines on the same host with identical resource allotments (8vCPUs/8GB of ram). When I'm using the Sophos 9.X UTM everything is fine I am able to achieve my ISP speeds (50/10) without any trouble. If I cut over to the XG and use that I see below 10 on both down/up speeds. There doesn't appear to be a difference if I have IPS on or off, web filter on or off.

This is being used on the home license so I know that there is a limitation on the XG of 4 vCPUs/6GB but I gave it more just to see what happens and while I can see the counts within XG i'm guessing it isn't actually using all of that.

Is there something else I am missing?



This thread was automatically locked due to age.
Parents
  • 0
    I am also experiencing this same issue, which is very disheartening considering the features of the XG Firewall. In production, I have Sophos UTM 9.3 with no issues bringing down 60Mbps. I have installed Sophos XG on similar hardware, and it can't even do 3 Mbps with 1 firewall rule, no IPS or app/web filters.

    I figured it could be the mainboard NIC, so I installed two PCI-E Intel® 82574L controllers - same deal. It seems as though Sophos XG is missing a ton of drivers... everything links up at 1000Mbps/Auto/Full-Duplex, but the performance is crud. CPU and Memory is fine (though Load calcs are confusing...). It is imperative that Sophos XG supports 802.11Q vlans on Intel® 82574L.

    I have tried changing NAT policies, QoS, DSCP marking, rules with no web/app/malware filters, rules with everything set - makes no difference.

    It is a simple HP Compaq DC7900: (better hardware than the UTM 9.3)
    CPU family Intel Core 2 Duo
    CPU nominal frequency 3.16GHz
    Processor socket LGA 775
    8 GB RAM
    2 x Intel® 82574L PCI-E
    80 GB HDD
    Same problem using mainboard NIC.

    Anyone else having issues? I have not run it in a VM - but if it can't support specific NIC hardware, the VM-allocated on top might experience the same fate. Might be worth changing the type of hardware for the VM NIC.

    Was hoping that a new release of Sophos XG would address these -assumably- driver/hardware issues... but there's no news on when we can expect an update.
  • 0 in reply to CChamp
    The VM might have a significant performance boost. If the host OS has a proper driver, and XG detects this and uses a paravirtualized NIC driver, this might bring the cure for now.

    I just bought a Zotac CI323 will try the XG firewall on it directly
    Currently I am running UTM9 in a Hyper-V VM with only 2 vCPUs and get easily 100 MBps with IPS and ATP on (no webfilter though).
  • 0 in reply to EdmundSackbauer
    My current UTM9 VM on the same host has no issues at all with 8vCPUs and 8GBs of ram (could probably scale it back but its working fine).
Reply Children
No Data