Thread Info
  • Locked Locked
  • Replies 5 replies
  • Subscribers 4 subscribers
  • Views 10304 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UDP packetloss only when behind Sophos UTM 9 (Home)

Ed Kerstetter

Hi all,

I am running UTM 9.407-3 virtualized on VMWare 6.0. I am experiencing inbound/outbound UDP packet loss (between 5-10%). I've ruled out it is my VMware setup, as I have an Ubuntu box running on the same VM host that the Sophos UTM is running on. If I move it behind the FW I get drops, if I move it in front, I do not get any drops.

Specs are as follows for server: Intel Celeron Processor 3215U Dual cor, 8GB RAM, 120GB HDD, Intel i211 RJ45(x4)

VM specs for Sophos: 2 cores, 6GB RAM, 60GB HDD, VMXNET3 (also tried e1000 w/ same result)

I tried turning off all other services (A/V, IPS, Advanced Protection, etc) on the Sophos UTM besides for the single outbound FW rule and NAT masquerade. The issue still happens.

TCP Upload/Download speeds are fine.

I've been struggling with this for weeks and haven't made any progress.

Thank you,



This thread was automatically locked due to age.
Parents

  • Hi, Ed, and welcome to the UTM Community!

    I'm pretty certain I know what you'll find when you follow #1 in Rulz, but, in the spirit of teaching man to fish...

    Cheers - Bob

  • in reply to BAlfson

    Hi Bob,

    Thank you for your response.

    As I mentioned, I disabled everything except the Firewall service. The firewall live log doesn't show any blocked traffic coming to or going from the public IP that is doing the TCP/UDP test. All network/host entries have a Interface set to <<Any>>. I checked all the applicable remaining Rulz and I'm in compliance. I checked the interfaces for drops/errors and all are showing 0. I swapped out network cables as well. The same cable used when plugged directly into the router works, but when I plug it into the UTM I get the drops. Reducing MTU doesn't work either.

    Thank you,

  • in reply to Ed Kerstetter

    Did you look at the Intrusion Prevention log?  That's where Anti UDP Flooding activity is recorded.

    Cheers - Bob

  • in reply to BAlfson

    Hi Bob,

    So (as you assumed) it was UDP Flood Protection. My confusion came from the fact that certain IPS features (anti-flood, etc.) are enabled even when the IPS feature is disabled. This seems counter-intuitive but I guess it's just a quirk of this particular system.

    I would image that anyone doing any sort video conferencing would run into this issue. Unless I'm forgetting enabling it, it seems it was a default setting. Why such a low allowance with the default setting?

    Thank you for your help.

  • in reply to Ed Kerstetter

    Yes, every site will have different streaming devices for which the admin must make individual Exceptions.  Changing the packet rates is not a good answer for the present issue.

    Cheers - Bob

Reply Children
No Data