Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 10020 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

v15 to v16 - Huge latency issues now

Derek Flinner

I run an SG135 at home. I've been running v15 for almost a year. I saved my config, ran the v16 hardware installer, imported my config and began noticing high latency at random times thorughout the day. Mostly late night. I never experienced these issues in v15. For no good reason, I would get 400-800ms delays to the Internet. If I reset the "Web Filter" service, it would correct itself  for a couple of minutes and then return to the same high latency. I'm not seeing anything odd trigger in the logs. No high bandwidth consumption at all. After a period of time, upwards of an hour or two of this behavior, the latency would quit and go back to normal. I decided to bite the bullet, pull a fresh copy of the installer down, reinstalled v16 from scratch and started a new config from scratch. I used default policies to apply to my interfaces, and the issues are back. I am at a complete loss. Has anyone seen this before? Thanks.



This thread was automatically locked due to age.
Parents
  • 0

    Derek,

    how is the ping from the XG itself? I mean, connect to XG and use the CLI

    Thanks

  • 0 in reply to lferrara

    When I experience the issue, as it happens randomly, the latency can be seen within the Diagnostic section of the UI as well where you select a destination to ping.

  • 0 in reply to Derek Flinner

    HI Derek, 

    I would need more information as per the questions below 

    Could you post the CPU and Memory usage during the issue . 

    Have you applied DOS settings (in case possibility of flooding)

    If not apply settings as follows SYN - 1500 to 2500 UDP 5000 TCP none and Bypass UDP: 53 and UDP 443 in DOS settings . 

    How many concurrent users are there in your network and what is your hardware model .

    If you Stop IPS service  any progress?

    Thanks and Regards

    Aditya Patel| Network and Security engineer.

  • 0 in reply to Aditya Patel

    Ok. I figured I should post an update. Unfortunately this is still happening. I did have about 2 weeks where this was not really affecting me. I only notice the latency when I'm utilizing something that suffers from high latency like online gaming. Other than that, one would probably not notice that this was happening. Perhaps this is happening to more people and they don't know?

    Answer to questions:

    -This is an SG135 unit running in a home environment with 2 adult and 2 young children. 

    -CPU and memory utilization is not high. I can post screenshots if necessary.
     

    What I've found.

    High latency still happens with:

    1. IPS disabled.
    2. Extra network switch in-between Sophos and Internet modem.
    3. Syn/UDP/ICMP flood protection on
    3a. I did get a minor trigger on the UDP flood at one point.
    UDP flood: Source - Traffic Dropped - 163. Could have been DNS. I did not have the exception in at that point. When I dug into the alert, there were no UDP flooders or flood victims showing in the results window. no IP addresses / Last Seen.
    4. I also have tested all of my cabling.
     
    The only temporary fix is to 'restart' the web proxy.
    If i put web filtering to "None'. Latency does go down. I'm playing around with this now to see if I can figure out what is causing the latency in the web filtering and if this is where the issue lies. The policy I am using is the default web filtering policy and it has not been modified. It is the one that came with XG.

    In the midst of all of this, my license expired. I'm having issues getting the renewed one to sync to my firewall which is a different issue, but felt it may be pertinent to throw in the mix as this issue still happened with multiple modules being disabled due to expired licensing.

     

    -Derek

Reply
  • 0 in reply to Aditya Patel

    Ok. I figured I should post an update. Unfortunately this is still happening. I did have about 2 weeks where this was not really affecting me. I only notice the latency when I'm utilizing something that suffers from high latency like online gaming. Other than that, one would probably not notice that this was happening. Perhaps this is happening to more people and they don't know?

    Answer to questions:

    -This is an SG135 unit running in a home environment with 2 adult and 2 young children. 

    -CPU and memory utilization is not high. I can post screenshots if necessary.
     

    What I've found.

    High latency still happens with:

    1. IPS disabled.
    2. Extra network switch in-between Sophos and Internet modem.
    3. Syn/UDP/ICMP flood protection on
    3a. I did get a minor trigger on the UDP flood at one point.
    UDP flood: Source - Traffic Dropped - 163. Could have been DNS. I did not have the exception in at that point. When I dug into the alert, there were no UDP flooders or flood victims showing in the results window. no IP addresses / Last Seen.
    4. I also have tested all of my cabling.
     
    The only temporary fix is to 'restart' the web proxy.
    If i put web filtering to "None'. Latency does go down. I'm playing around with this now to see if I can figure out what is causing the latency in the web filtering and if this is where the issue lies. The policy I am using is the default web filtering policy and it has not been modified. It is the one that came with XG.

    In the midst of all of this, my license expired. I'm having issues getting the renewed one to sync to my firewall which is a different issue, but felt it may be pertinent to throw in the mix as this issue still happened with multiple modules being disabled due to expired licensing.

     

    -Derek

Children
  • 0 in reply to Derek Flinner

    Hi Derek, sorry for your troubles. I was wondering if you are using any application control rules? I have noticed some increase in latency when using a large custom list with too many allow/deny application control rules.

  • 0 in reply to Derek Flinner

    Derek Flinner said:

    The only temporary fix is to 'restart' the web proxy.

    If i put web filtering to "None'. Latency does go down. I'm playing around with this now to see if I can figure out what is causing the latency in the web filtering and if this is where the issue lies. The policy I am using is the default web filtering policy and it has not been modified. It is the one that came with XG.

     

    This is suspicious, can you please confirm:

    If "Scan HTTP" and "Decrypt and Scan HTTPS" is On and the Web Policy is a policy you have selected, then you will occasionally get latency.

    If "Scan HTTP" and "Decrypt and Scan HTTPS" is On and the Web Policy is "None", then you never get latency.

    If that is the case, can you please post a screenshot of your web policy.