Downloading/Uploading slow

Hi,

I've a 100/100 Mbps optic line and UTM 125 SG.

Environment:

 

Optic router->L3 Switch Gigabit MTU 1500->UTM WAN interface MTU 1500

 

Our provider tests the line up to 100/100, but when I run a wget from the UTM I get this report.

 

pasarela:/home/login # wget ftp.rediris.es/.../debian-live-9.1.0-i386-gnome.iso

--2017-08-31 17:23:28--  ftp.rediris.es/.../debian-live-9.1.0-i386-gnome.iso

           => `debian-live-9.1.0-i386-gnome.iso.4'

Resolving ftp.rediris.es... 130.206.13.2, 2001:720:418:cafd::2

Connecting to ftp.rediris.es|130.206.13.2|:21... connected.

Logging in as anonymous ... Logged in!

==> SYST ... done.    ==> PWD ... done.

==> TYPE I ... done.  ==> CWD /sites/debian.org/debian-cd/9.1.0-live/i386/iso-hybrid ... done.

==> SIZE debian-live-9.1.0-i386-gnome.iso ... 2394816512

==> PASV ... done.    ==> RETR debian-live-9.1.0-i386-gnome.iso ... done.

 

    [                     <=>               ] 722,643,039 2.70M/s 

 

And no more speed.

 

Why?

I opened a ticket with Sophos and they are working on it, but they say everything is OK.

 

Any ideas?

 

Regards



  • You aren't giving us much information; do you use web filtering, ips, av scanning? How many users are using the UTM? Those can have a great impact on the speed.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • Hi,

     

     

    Same result using SSH to Sophos UTM and a standard computer with HTTP proxy or IP.

     

    If I open 3 or more downloads at the same time, we can reach the full download speed, but not with a single download.

     

    Any idea?

     

    Regards

  • What is the latency on the line? Is the client connected through WLAN? If yes do the same test with a cable.

    Are you sure that the server is sending the information fast enough?

    Use a speed test website like http://www.speedtest.net/ to a local server with enough speed.

    Do the same test with a client directly connected to the line with the IP of the WAN interface of the Sophos.

  • Hi,

     

    Using cat.6 wire

     

    Some pings from my UTM

     

    pasarela:/home/login # ping 8.8.8.8

    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

    64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=10.0 ms

    64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=9.81 ms

    64 bytes from 8.8.8.8: icmp_seq=3 ttl=58 time=9.66 ms

    64 bytes from 8.8.8.8: icmp_seq=4 ttl=58 time=9.82 ms

     

    To our ISP DNS servers 

     

    pasarela:/home/login # ping 194.30.6.1 

    PING 194.30.6.1 (194.30.6.1) 56(84) bytes of data.

    64 bytes from 194.30.6.1: icmp_seq=1 ttl=60 time=1.65 ms

    64 bytes from 194.30.6.1: icmp_seq=2 ttl=60 time=1.39 ms

    64 bytes from 194.30.6.1: icmp_seq=3 ttl=60 time=1.41 ms

    64 bytes from 194.30.6.1: icmp_seq=4 ttl=60 time=1.32 ms

     

    Our ISP tests speed to a Mikrotik router up to our UTM and speed is OK. The problem must be between the Mikrotik gigaEth2 and the UTM gigaEth7.

     

    Any ideas?

     

    Regards

  • Edgar_Quintana said:
    If I open 3 or more downloads at the same time, we can reach the full download speed, but not with a single download.

     

    Any idea?

    To me this sounds like an IPS "issue". IPS relies heavily on CPU speed; the higher the speed, the higher the throughput in one CPU core. Unfortunately IPS is only able to use a single core for every connection/client, therefore a single client will be able to reach a speed up to the point that this single core is at the max. Every next user will get the same (as long as enough CPU cores are available) until you reach a point that you have reached your actual bandwidth.

    To increase the single-user performance you only have 2 options: 1) Disable IPS (please do so if only to test), 2) use a different CPU with as high as possible CPU-speed.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • Hi,

     

    When you say another CPU, are you talking about a bigger model?

     

    I followed this document https://www.sophos.com/en-us/medialibrary/PDFs/factsheets/sophos-sg-series-appliances-brna.pdf

     

    IPS disabled and rebooted.. same result

  • The latency to the ISP and DNS is okay, but what about the latency to the source of the download?

    I think you still should test with a pc directly connected to internet line.

    The connection can only be as fast as the server allows for one single connection, and the speed is also limited by the two hops with the smallest bandwidth between you and the server you are downloading from ... You might be able to avoid the first limitation by opening more than one connection. You cannot avoid the second limitation (when using the same source).

    You should also look on the firewall and see what happens with the cpu load when you are downloading.
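Added example (not part of the original thread): one way to do the CPU check suggested above and to test the single-core theory raised earlier, by comparing two `/proc/stat` snapshots taken while the download runs. The function names, the 90% threshold and the sample snapshots are assumptions constructed for illustration; softirq time (packet processing) counts as busy.

```sh
#!/bin/sh
# Added example: compare two /proc/stat snapshots taken during a download.
# On the box: cat /proc/stat > before; sleep 5; cat /proc/stat > after

# per_core_busy BEFORE AFTER -> lines "cpuN <busy%>" over the interval
per_core_busy() {
  awk '
    /^cpu[0-9]+ / {
      total = 0
      for (i = 2; i <= 9; i++) total += $i   # user..steal (guest is already in user)
      idle = $5 + $6                         # idle + iowait
      if (FNR == NR) { t0[$1] = total; i0[$1] = idle; next }
      dt = total - t0[$1]; di = idle - i0[$1]
      if (dt > 0) printf "%s %d\n", $1, 100 * (dt - di) / dt
    }' "$1" "$2"
}

# verdict BEFORE AFTER [HOT%] -> one-line classification
verdict() {
  per_core_busy "$1" "$2" | awk -v hot="${3:-90}" '
    { n++; if ($2 >= hot) { h++; names = names " " $1 } }
    END {
      if (h == 0)      print "cpu-not-limiting"
      else if (h == n) print "all-cores-saturated"
      else             print "core-bound" names
    }'
}

# Constructed sample: 4 cores, 5 s apart (500 ticks per core at USER_HZ=100).
tmp=$(mktemp -d)
cat > "$tmp/before" <<'EOF'
cpu  4850 0 2150 31900 200 0 1000 0 0 0
cpu0 1000 0 500 8000 100 0 50 0 0 0
cpu1 2000 0 800 7000 50 0 900 0 0 0
cpu2 900 0 400 8500 20 0 30 0 0 0
cpu3 950 0 450 8400 30 0 20 0 0 0
EOF
cat > "$tmp/after" <<'EOF'
cpu  5060 0 2240 33295 200 0 1305 0 0 0
cpu0 1020 0 510 8465 100 0 55 0 0 0
cpu1 2150 0 850 7010 50 0 1190 0 0 0
cpu2 930 0 420 8945 20 0 35 0 0 0
cpu3 960 0 460 8875 30 0 25 0 0 0
EOF
per_core_busy "$tmp/before" "$tmp/after"
verdict "$tmp/before" "$tmp/after"
```

A "core-bound" result during a single download, with the other cores idle, supports the per-connection CPU explanation; "cpu-not-limiting" points back to latency, the remote server or the path.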

  • Hi

     

    no ping to ftp.rediris.es but you can check http://ftp.rediris.es/debian-cd/9.1.0-live/i386/iso-hybrid/ downloading an ISO file for example.

     

    Regards

  • Hello,

     

    I think a ping is not an indicator of speed and certainly not for bandwidth. ICMP is handled at the tcp.stack of the nic and not like a web service or ftp.service with resources behind it like hdd or pci bus etc. Data transfer via ssh is even more special since also the ssh server or and client load is generated on the computer. The best test setup would be with iperf. In direction to internet is not so easy to pass through. Therefore, always use ftp. A sleek service without encryption overhead.

    There is no such thing as "just quickly"

  • I was able to download with approx. 4 MiB/s. My private VDSL internet line is 50 MBit/s down and 10 MBit/s up.

    In the company we have 2 lines with 100 Mbit/s down and 100 MBit/s up. We use two SG 135. They are located in the US and in Australia. The headquarters are in Germany. I never get the whole bandwidth with one connection.

    I did some tests in the past with iperf from Germany to the remote. You can only get close to the theoretical value if you use several connections in parallel. The latency has a great impact on how fast you can transfer with ONE connection.

    However, the scenario is a bit different as the sites are connected through an IPSEC VPN, which gives you an additional layer and also some CPU load for encryption and decryption.

  • As the others have said, Edgar, you need to try with Intrusion Prevention disabled.  If single-user throughput needs to be maximized for some trusted downloads, you will want to leave Snort enabled, but make an Exception to Intrusion Prevention scanning for trusted sources.

    Cheers - Bob 

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi BAlfson,

    I tried with no users connected and IPS disabled, with an SSH session to the UTM, and ran wget.

    Same result as with the standard environment.

    Regards
