Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 3469 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-2-Site and SSL VPN slow

watch_this
Hello everybody,

i have a problem with my new installed Sophos UTM v9.100-16. It's a VM with 2 vCPU's (3,40GHz), 2GB RAM and 80GB HDD and activatet with a home user license. All functions like IPS, Web-, E-Mail-, Endpoint- und Webserver Protection are disabled.
I have built up an IPSec VPN between Sophos and WatchGuard.

phase1: SHA1-3DES DH1024
phase2: SHA1-3DES

Both sites have a 100MBit/s synchronous connection, but i can only transmit with ~11mbit/s through the tunnel (whether http, ftp or smb). The cpu and ram load of both (Sophos and Watchguard) is less then 30%.
It's the same behavior if i transmit data through a site-to-end SSL VPN between the sophos and a client (encryption algorithm: aes-128-cbc, authentication algorithm: sha1, key size: 1024bit).
Without a vpn tunnel i can transmit data with ~95mbit/s in both directions and with a site-2-site vpn with same settings between the watchguard and a linux box it's about 80mbit/s.

Is there any reglementation in the home user license or is there another reason for this poor perfomance?

regards,

watch_this


This thread was automatically locked due to age.
Parents
  • 0
    Hi, and welcome to the User BB!

    There's no such limitiation.  If you haven't already done so, use the software ISO to install, not the pre-packaged virtual image.  Use the VMXNET3 drivers, not the Flexible.  Did that resolve your issue?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Hi, and welcome to the User BB!

    There's no such limitiation.  If you haven't already done so, use the software ISO to install, not the pre-packaged virtual image.  Use the VMXNET3 drivers, not the Flexible.  Did that resolve your issue?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Hi Bob,

    thanks for replay! I have used the iso to install, but i can't use the vmxnet3 driver, because it's a proxmox virtuel environment.
    Anyway - i think the network interface cards are correctly recognized:


    Any other ideas?

    regards,

    watch_this
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML