
Slow VLAN to other VLAN file transfer

Hi,

Has anyone experienced a slow connection on VLAN to other VLAN file transfer? When I copy or transfer files within the same VLAN I don't have any issues with speed; it can reach more than 100MBps. Please note that I don't have any policies yet that might trigger the slow bandwidth connection, such as security scanning. Both my Sophos and Core switch have 1500 MTU and both are connected on 10GB ports as uplink.

Thanks,

Raffty



  • Raffty,

    so you are using XG as a layer 3 device to route traffic between VLANs? Did you create the required Policy rule to allow the transfer?

    IPS scanning is not enabled?

    Post a screenshot of the firewall rule configuration. I have 2 VLANs and I am not experiencing the same issue (unfortunately I am using a 100 Mb switch)

     

  • Hi Luk,

    Yes, I used XG as layer to route traffic, which also acts as my DHCP server. For the rule, as of now I am using the LAN-LAN rule, which is allowing all traffic (any-any). I don't have any filter yet per VLAN because my network is new and yet stable to easily isolate if there is any problem. Then I found out that the VLAN to other VLAN connection is slow compared to traffic when using the same process on the same VLAN.

    Yes, on the Policy, IPS was disabled; no security scanning was implemented yet. The only policy that has IPS is my LAN-to-WAN for the internet.

    On my setup, I have a total of 12 VLANs representing every team, created on my 10GB XG port. The image attached is my LAN to LAN Policy.

     

    Raffty

  • Raffty,

    what HW are you using? How is the overall system performance? I mean, have a look at system reporting during the last 24 hours and post the results of the following commands from the system usages from CLI (option 4):

    1. sh ips-settings

    2. sh advanced-firewall

    3. system diagnostics show disk

    4. system diagnostics show Memory

     

    Thanks

  •  Hi Raffty,

    From the firewall rule screenshot you have shared, it seems like this Port is being used to its max already. 

    The thing that I could notice here was the RX is 41k GB and TX is 33k GB. 

    If correct, please go to diagnostics > system graph on your device and see the Interface info graph.

    It may be getting choked.

    Regards,

  • lferrara,

     

    I am using the Sophos XG310. System performance goes well. I can't see any problems on CPU, Memory and Disk.

     

     

    LAN ports diagnostics below. Please note that I am using 10GB SFP+ ports for my LAN network.

     

    Thanks,

     

    Raffty

  • Hi Varunparikh,

    Thank you for your reply. I think the traffic information in the firewall rule is accumulated data of traffic by time. When I am checking my Interface graph on System diagnostic the traffic flows not only reaching 1GB; please note I am using a 10GB SFP+ port for my LAN. Please see the screenshot below. Is my understanding correct?

     

     

    Thanks,

    Raffty

  • Thanks Raffty,

    Can you share the output of the 4 commands I wrote in the previous reply?

    Thanks

  • Hi lferrara,

    Yes, please see below for the result.

     Thanks,

    Raffty

  • Sorry, the first one seems blurry; text-based to be sure.

    Sophos Firmware Version SFOS 15.01.0 MR-3

    console> sh ips-settings
    -------------IPS Settings-------------
    stream on
    lowmem off
    maxsesbytes 0
    maxpkts 8
    mmap off
    enable_appsignatures on
    http_response_scan_limit 65535


    -------------IPS Instances------------
    IPS CPU
    1 2

    console> sh advanced-firewall
    Strict Policy : on
    FtpBounce Prevention : control
    Tcp Conn. Establishment Idle Timeout : 10800
    Fragmented Traffic Policy : allow
    Midstream Connection Pickup : off
    TCP Seq Checking : on
    TCP Window Scaling : on
    TCP Appropriate Byte Count : on
    TCP Selective Acknowledgements : on
    TCP Forward RTO-Recovery[F-RTO] : off
    TCP TIMESTAMPS : off
    Strict ICMP Tracking : off


    Bypass Stateful Firewall
    ------------------------
    Source Genmask Destination Genmask


    NAT policy for system originated traffic
    ---------------------
    Destination Network Destination Netmask Interface SNAT IP

  • Raffty,

    from your reports, you do not even reach 100Mb. I would advise you to open a ticket with support and also send an email to to check if it can follow your case internally too.

    Make sure to configure all the ports in Full Duplex where the speed is not Auto but fixed. Also, I would check a flow between 2 switch ports without passing through the XG and check the performance.

    I remember some time ago that even the switch was not able to handle the 10G traffic (it was a bug inside the switch OS).

    After these tests, open a ticket with the Support and let us know!

    Thanks