Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 2 answers
  • Subscribers 27 subscribers
  • Views 19744 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNS not resolve while using captive portal

Amrish

Hello Sophos XG community,

 

This is my first post in XG community. I was using sophos ASG220 firewall since last 7 years but recently I switch to sophos XG firewall and after switching to XG firewall, issues were raises.  

Currently I have a XG210 firewall with below configuration,

1. We have configure more than 25 VLANs

2. We have configure more than 100 users

3. All users are using internet via Captive Portal or Client Authentication Agent

4. Admin users and Super users's machine MAC's are bypass for internet so they can access Internet without Captive Portal 

 

Problem:

If we use Internet without Captive Portal or Client Authentication Agent then Internet surfing (Internet speed) working fine as configured but If we use Internet with Captive Portal or Client Authentication Agent then Internet speed is too slow and It taking too much time to open for a single website.

 

What we have mark,

- If we use Internet without Captive Portal ( mean my network have no need to authenticate or my machine MAC is bypass from authenticate)  and try to ping global DNS (8.8.8.8) then response time is 15ms to 20ms.

- If we use Internet with Captive Portal and try to ping global DNS (8.8.8.8), then response time is more than 1500ms and it varies to 3000ms. I thought that because of this I suffer problem while surfing Internet.

 

Can anyone have any Idea to resolve this issue. My whole network and all users suffering problem because of this issue since last 20 days. Getting suggestion are appreciate.



This thread was automatically locked due to age.
  • 0 in reply to Aditya Patel

    Hi Aditya,

    Thanks for response. My comments are in Red,

    Aditya Patel said:

    Hi Amrish, 

    Could you verify the number of simultaneous users in your network, As per our recommendation for your model is between 60-80 as you are using FullGuard protection (WEB/Application/IPS/Email) . 

    [Amrish]: Yes that could be a problem. My total users are may be more than 70. But again to ask that, those 60-80 users are Captive Portal users only or those users included super users and admin users too mean total users those are using Internet. I am asking about it because there are 12-15 numbers of super users which MAC address bypass for Internet access. Those users never face this slow browsing Internet issue. Only Captive Portal users face this issue.

    Also, Check the traffic through the WAN interface, it would seem you have 2 lines and both speeds seem different. Check on both ISP if there is a deviation on the speed. If the result is the same then check the Memory and CPU usage for any abnormality. 

    [Amrish]: My total WAN bandwidth is 35Mbps, but traffic never exceed above 20-22 Mbps mean speed is not an issue and even there is no any deviation on WAN speed. For the CPU and Memory, I have marked that CPU never goes above 10% and Memory never goes above 35%. So that we can say that CPU and Memory also not an issue.

    I would also recommend removing IPS policy to test the performance as well. 

    [Amrish]: I have tried already but result is same.