High bandwidth consumption in bridge mode and high latency

Greetings,

I’ve installed a Sophos XG210 in bridge mode, with a Cisco ASA in the perimeter connected to the WAN link, and a Cisco core switch on the LAN link.

When the Sophos XG is connected, every time there is high bandwidth consumption (due to updates or something else), the internet connection goes south, with high latency and intermittence. The resources (CPU - RAM) in the Sophos XG stay normal. This problem doesn't happen if the Sophos XG is disconnected from the network.

In other implementations, when a Fortigate is above (instead of the Cisco ASA), it doesn't happen.

Has anyone experienced this issue?

Regards,

Jose

 



  • Hi Luk,

     

     I opened a case with Sophos Support. The graphics of CPU, memory and load for the last 24 hours are:

    The device is an XG210, and there are, at most, 150 users on the network. So it must be another thing.

    Thanks for your reply. I'll keep you posted if we find the solution with Sophos Support.

    Regards,

     

    Jose

  • Hi again,

     

    Sophos Support is taking a while so I'll post an update:

    If I execute drop-packet-capture, I get several logs like the next one:

    But I have a policy that matches that packet, and it is not let through the XG:

    The ISP service is OFF. What else could cause this problem?

     

    Regards,

     

    Jose

  • proto TCP:F will be logged as dropped as FIN/RST packets are not affected by ALLOW ALL rules. Without quality logging, I am afraid you will have to wait on support :(

    I am curious about your setup. Are you inspecting any traffic on XG or just routing all traffic? What are your other firewall rules?

  • Hi Billy,

    I'm using the XG for Spam Filter and ATP mainly. After the issue is solved, we will configure some Web filter policies.

    What could be the cause for the Sophos XG to read those packets as proto TCP:F? They have a Cisco core switch before the XG (LAN side) and a Cisco ASA after (WAN side).

    What logs do you want to see, if it's not too much trouble?

    Thanks for all your help.

    Regards,

    Jose