Slow file transfer speeds

My organization has two locations, an ASG120 in the remote location and an SG230 at the head office. The ASG120 has a 30/30 fibre connection and the SG230 has a 100/100 fibre connection. The two locations are linked with an IPsec VPN.

 

We are having serious file transfer speed problems between the two locations.

 

From 230 to 120 -> we get about 250 KBps

 

From 120 to 230 -> we get about 1.4MBps

Neither is an acceptable speed considering our available bandwidth.

Internal LAN speeds are fine, and when testing with remote VPN users, they reach speeds of 4.5MBps when transferring from the SG230 to their local machine. I should note that the VPN user is in the same city as the remote location, to try and reduce distance as a significant factor.

 

Can someone offer suggestions on how to better troubleshoot and maximize our available throughput between the two locations?

 

Thanks,



  • Hi Matt,

    Start with doing #1 in Rulz - does that give any insight? (I don't expect it to, but we should cover the basics.)

    Please insert pics of the IPsec Connection and Remote Gateway definitions open in Edit for both locations.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi, Bob.

     

    I have turned off IPS, as well as adding exceptions for the IPsec services (IPSec, IKE, NAT-T). There was no change in speed.

    Here are screen shots of the info you requested.

     

    UTM120 (remote site)

     

    SG230 (head office)

     

    I was asking both locations' ISPs for the MTU, and one CS was helpful enough to suggest the following:

    Fragmentation in IPsec and changing the MSS has had positive results.

     http://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html

    1. Enable Shell access to the UTM
    2. Log in via SSH
    3. Issue the following commands

      iptables -t filter -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440

      echo "iptables -t filter -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440" > /var/mdw/hooks/packetfilter_advanced

      chmod 400 /var/mdw/hooks/packetfilter_advanced

     

    I have not done the above, as I am not comfortable making shell changes without knowing how to revert back.

     

    Thanks.

    Matt
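
Added example, not part of the original posts: a Python calculation of ESP tunnel-mode overhead, used to check whether an MSS clamp value such as the 1440 in the commands above keeps full-size TCP segments within the path MTU. The ESP transforms listed and the 1500-byte path MTU are assumptions, since the thread states neither.

```python
from dataclasses import dataclass

IPV4_HDR = 20      # IPv4 header without options (outer and inner)
TCP_HDR = 20       # TCP header without options
ESP_HDR = 8        # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad-length byte + next-header byte
NATT_UDP = 8       # UDP encapsulation header when NAT-T is in use


@dataclass(frozen=True)
class Suite:
    iv: int        # per-packet IV bytes
    block: int     # ciphertext alignment in bytes
    icv: int       # integrity check value bytes


# Common ESP transforms (assumed; the thread does not say which one is configured).
SUITES = {
    "aes-cbc/hmac-sha1-96": Suite(iv=16, block=16, icv=12),
    "aes-cbc/hmac-sha256-128": Suite(iv=16, block=16, icv=16),
    "3des-cbc/hmac-sha1-96": Suite(iv=8, block=8, icv=12),
    "aes-gcm-16": Suite(iv=8, block=4, icv=16),
}


def outer_len(inner_len, suite, natt=False):
    """Size of the ESP tunnel-mode packet that carries an inner IPv4 packet."""
    body = inner_len + ESP_TRAILER
    padded = -(-body // suite.block) * suite.block   # round up to the block size
    return IPV4_HDR + (NATT_UDP if natt else 0) + ESP_HDR + suite.iv + padded + suite.icv


def max_mss(path_mtu, suite, natt=False):
    """Largest TCP MSS whose full-size segment fits path_mtu after encapsulation."""
    room = path_mtu - IPV4_HDR - (NATT_UDP if natt else 0) - ESP_HDR - suite.iv - suite.icv
    inner = (room // suite.block) * suite.block - ESP_TRAILER
    return inner - IPV4_HDR - TCP_HDR


def clamp_fits(mss, path_mtu, suite, natt=False):
    """True if a full segment at this MSS avoids fragmenting the ESP packet."""
    return outer_len(mss + IPV4_HDR + TCP_HDR, suite, natt) <= path_mtu


if __name__ == "__main__":
    for name, s in SUITES.items():
        for natt in (False, True):
            print(f"{name:26} natt={natt!s:5} max_mss={max_mss(1500, s, natt)} "
                  f"1440 fits: {clamp_fits(1440, 1500, s, natt)}")
```

Under these assumptions the largest MSS that avoids fragmentation on a 1500-byte path is between 1382 and 1406, depending on transform and NAT-T, and a full segment at MSS 1440 yields an ESP packet larger than 1500 bytes.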

  • Matt, please re-read #1.  I don't think disabling IPS makes any difference in these situations.  What's in the logs?

    Cheers - Bob

     
  • This can be closed. There was a Cisco 2950 in front of the UTM that was causing the slow speed.

  • Thanks for letting us know, Matt.

    Ya know, when I think of a cheap switch in front of the WAN port, it's a 4-port HP. [;)]

    Cheers - Bob

     