Hello!
I'm in the need of some assistance, hopefully somebody could shed some light. The problem in which I am just about to discuss is indeed a problem in which I had previously experienced (or similar to) a good while back, but unfortunately, it was that long back that I can't jog my memory on what I did to resolve the issue.
The issue in which I am currently having is with data transfer between VLAN's. I had my installation of Sophos UTM running as a VM on a server running XenServer. Everything was running perfectly, but for a while, the physical server was running with it's resources maxed out (which isn't great). I decided to install XenServer on a second box, installed a dual NIC and then migrated the Sophos UTM VM to the second box. After making some adjustments with the network interfaces, everything was once again up and running.
Two days later, I started to notice excessive lag when transferring, say, a 5GB file, from the Client VLAN to the Server VLAN. The data transfer struggled to get beyond 5mbps, mostly sticking to 200-300kbps. Previously, I'd have got around 100-200mbps, when transferring data between VLAN's. I'm not sure if this problem is a result of migrating the Sophos UTM installation over to a different box or if this is the result of performing some updates to the XenServer installation itself.
I've stressed myself out again, where I've spent the entire day trying to work this one out. I've checked the Firewall and Intrusion Prevention. Nothing is really standing out to me and I haven't changed any of the settings in either the Firewall or Intrusion Prevention since migration. Strangely though, when checking IPS logs, I did come across this -
Total attacks blocked: 2
Rule ID Rule Description Rule group Packets %
1 38246 SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt Malware 1 50.00
2 38247 SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt Malware 1 50.00
When looking at those entries further, this appears to be when I was trying to transfer a 7gig file from the Server VLAN to the Client VLAN. This file does not contain a virus, so I am curious to why this has been flagged up?
Hopefully somebody out there can shed some light. This issue is starting to stress me out a bit now so overall, the issue is becoming even more difficult to resolve!
Cheers,
Richard
Forgot to mention! If I force a server and a client to use the L3 switch as the default gateway, data transfer between VLAN's is once again restored to 100+ mbps. If I then use the Sophos UTM as the default gateway, I once again struggle to get beyond 5mbps when transferring data between VLAN's.
This thread was automatically locked due to age.