Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 2 replies
  • Subscribers 28 subscribers
  • Views 10292 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Full upload, slow download on XG Firewall

Morne Botha

Hi there!

 

I seem to be experiencing the exact opposite issue to the one posted here: https://community.sophos.com/products/xg-firewall/f/network-and-routing/80378/full-download-speed-slow-upload-in-software-xg-firewall

In my case, it's not my upload that is suffering, but my download.


History:

I used to use the UTM 9 - with a 3G modem. I have since changed to a Huawei LTE wingle, which doesn't behave like a typical cellular USB modem, instead it does the dialing itself (like a mifi/mobile hotspot device) and issues DHCP to any devices connected via USB and/or Wifi depending on the config.

This doesn't pose a problem as it's simple enough to change the WWAN interface to DHCP and then my network gets internet as per normal.

Both UTM 9 and XG are deployed on an ESXi server, and are allocated 2vCPU and 2GB RAM each.

Neither ever run into performance issues and there is always enough CPU and RAM available.

 

Problem:

It's a LTE modem, and my local ISP typically averages 20Mbps download and 20Mbps upload (obviously with some fluctuations).

When connected directly to my machine (i.e. not the XG appliance), I get full speeds. Even devices connected to the wingle AP also get full speeds in this way.

However, whenever I connect it to the ESXi host instead and pass it to the VM, my upload remains consistent, but my download drops to 0-2Mbps, i.e. a 10th of the speed I should get otherwise.

I have tested this and tried to eliminate all potential sources of issues including:
With and without QoS

With and without DoS and Spoof Protection

With and without AV filtering

With and without user authentication

With and without IPS

None of the above seem to have any effect whatsoever, even if ALL of the above are switched off/selected to none on the relevant firewall policy.

 

I can't test this scenario on UTM 9, as it doesn't seem to support the DHCP config option on a 3G/UMTS/LTE device which is necessary for this Huawei wingle.

I can however confirm one odd situation that seems to point at a particular issue (maybe enforced QoS even if QoS is disabled everywhere I can find):

I can have multiple devices connect via the UTM, and each of them seem to be limited to a maximum of 2Mbps download but unrestricted upload.

For example:

1 mobile device

1 laptop

1 desktop

All running speedtests at the same time, each will get up to 2Mbps download (i.e. I can consume more than 2Mbps overall, in this case up to 6Mbps), and they seem to effectively share the upload capacity between them - but no one single device ever seems to exceed the 2Mbps download threshold I keep hitting.



This thread was automatically locked due to age.
  • 0

    I have the same issue. I have a 1Gb connection to the internet. My download is about 8Mbps and my upload is 728Mbps. If I bypass the Sophos XG I get roughly the same download and upload speed. Please let me know what I could do.

  • 0

    I am still having this issue. I can connect through the XG 450 in Bridge mode and my download would be about 8mbps with an upload of 300mbps, if I bypass the XG 450 I can get speed up and down of about 500-800 mbps. I have an escalated case with SOphos currently to try to fix this issue.