Horrible Website Loading Speeds with Content Filtering / IPS enabled

Question

Hi everyone, 
 I'm posting here as a last-ditch effort before I return my Sophos XG products for a refund and go with Meraki or Sonicwalls. 
 Over the last week or so, I have been receiving complaints from my client stating that their internet speeds are painfully slow. I ran a speedtest from speedtest.net and they were getting 100 down / 10 Up, so it's not an issue with download speeds. I verified the issue is it can take 6-10 seconds to load a website. Websites that are especially graphics-heavy or secure, such as banking websites, seem to take the longest. (HTTPS scanning and HTTP scanning are disabled) 
 I spent some time troubleshooting the problem and determined that the problem goes away when I turn off "Default Workplace Policy" and "LAN to WAN" IPS policy. BOTH of these are combining to cause the slow speeds. For example, if I only turn on Default Workplace Policy (and leave IPS off) what it will do is take 3-5 seconds to load all of the content on each website. I.E. it will load the content in small chunks, such as images etc. An interesting thing to note is even when "Allow All" is selected, it still takes this long. I have to select "none" for the speeds to improve. 
 When I turn OFF "Default Workplace Policy" and turn on only the IPS, then it takes 3-5 seconds to start loading the website. It will be stuck at "Establishing Secure Connection" or "Resolving Host" for that period of time then it will load the page quickly after the initial 3-5 second waiting period. If I turn both off, the page loads in 0.5 seconds. 
 I understand there are tweaks I can do to improve the IPS speeds but there seems to be nothing I can do about the content filtering... except turn it off. 
 Before I return these Sophos products, I wanted to reach out to the community to see if there was anything I can do. 
 Note, this happens on both my Sophos XG125 (serving 12 users), and Sophos XG105 (serving 3 users). The CPU on both is usually around 10% and memory around 50%. The only option is to turn IPS and content filtering off.... which is a horrible solution. This Sophos product has caused me nothing but problems since I bought it. 
 Thanks, 
 Chris

ChrisWestmacott · Accepted Answer

Hi everyone, 
 I resolved the issue; thank you for your suggestions. The problem was under Network -> DNS, the primary DNS for the Sophos XG was its' internal LAN IP (10.0.0.1). I did a DNS test from the XG and response times were over 400msec. As soon as I changed the device DNS from that IP to the ISP's DNS servers, response times went down to 5-50msec. I could then enable IPS and content filtering with no lag noticed on the workstation end. I'm not sure why no one suggested this (including Sophos support in a ticket I've had open for weeks about the issue), which is annoying because I don't feel I can rely on them for support when I need it. 
 Now to figure out how to get L2TP remote access working... I got PPTP and SSL VPN working no problem, but am having problem with L2TP even after setting authentication to ANY via the CLI, ensuring the PSK matches between client and the XG, defining a scope in the L2TP settings, defining a L2TP connection and clicking "active" to turn it green, and so on... I guess I'll make another thread about that. 
 Thanks, 
 Chris