Uploads Kill Internet Connectivity

Currently on 9.315-2 using software appliance.  It's a Core2Quad 8400 with 8GB of RAM.  Device is configured in bridge mode between main network switch and Cisco router. 

So here is the weirdness.  It would appear that IPS is causing some sort of bandwidth issue with Internet.  Essentially, if upload bandwidth goes beyond a certain point, Internet connectivity grinds to nothing.  I have a continuous ping going to 4.2.2.1 and running a speed test to speedof.me.  When I do so, once the upload speed starts or before it's finished, Internet connectivity goes down and the continuous ping starts giving me "request timed out".  After a while, the pings come back but the speed test will either fail or give me a lowball measure.

Keep in mind that even browsing to a webpage, in which you have to upload your browser's request to the webpage in question, kills the Internet as well.

Now, with IPS disabled, everything works fine and the speed test runs successfully.  The pings continue, though, while the test is running, the response time is higher, in the ~180ms range instead of the ~30 second range.  I already disabled Web Protection in my testing to see if that was causing this and it only stopped once IPS was disabled.  

The live log doesn't show anything.  Mainly because I have a bypass for this website in the IPS (though, I assume, the bypass doesn't mean the traffic isn't still going through the IPS module, just that, it isn't looking at the traffic).  Issue started after upgrade to 9.315-2. 

Any ideas?


  • I'm experiencing the exact same problem. Quad core Celeron appliance, 8GB. And an FTP at full upload bandwidth (which is only about 1.4mb in my case) kills my PPPoE (MLPPP) connection. Has anyone made any headway with this?
  • If you fill the upload bandwidth with a connection, a new, outbound request will time out unless a QoS rule gives it a chance. Still, do consider my comments on 11 Aug 2015.

    Cheers - Bob
  • Perhaps I should have clarified "Kills Internet connectivity", and I have further information. I'm using PPPoE (MLPPP actually). And when UL is saturated, Sophos's OWN LCP send and ack times out. In other words it doesn't even provide itself enough bandwidth to keep the DSL alive. So when it doesn't receive an LCP ack back (after 5 attempts) it DROPs the internet MLPPP connection. My only cure so far?  Create a QOS rule that Sophos (all traffic) can only use UL BW minus 10kps.  

    This is obviously a bug, and/or poor design.
