Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 5 subscribers
  • Views 16228 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-to-site VPN upload issue

LeeHwa

Hi,

Currently I'm facing issue on the VPN upload speed.

- FTP upload to Web hosting, the upload bandwidth is 500kb/s-700kb/s.

- VPN upload to other branch Sophos XG, the upload bandwidth is 100kb/s-200kb/s only.

 

My side Sophos model is SG135/UTM9. The IPsec policy attached as below.

 

Any idea or advise on this?

 



This thread was automatically locked due to age.
  • 0

    In your screenshot the unit of messurement is KByte not Kbit. Please be aware of this. The bandwidth of the WAN interface on the other side is larger, just to be sure?

    Are you using the same files for this test? Maybe try to turn off compression.

    -

  • 0

    What are you using for the VPN upload test?  If you aren't already, I would suggest setting up an FTP server on the other end of the VPN for a true comparison.

  • 0

    What ist the maximum up/down bandwidth to the internet on the local site?

    What is the maximum up/down bandwith to the internet on the remote vpn site?

    What is the maximum up/down bandwith to your web hosting?

    What kind of files are you transferring (on big file or hundreds of small files). What kind of protocol are you using in the ipsec case to transfer the date (SMB?)? What is the latency between local site and the remote site and the local site and your web hosting?

  • 0

    Maybe have a look at a software which consists of a server and client part for throughput testing. I used it in some cases. This will give you more compareable results.

    Just google for tamosoft throughput test.

    Best

    Alex

    -

  • 0

    Hi, Lee, and a belated welcome to the UTM Community!  I see you've been here for over a year, but it's the first time I've been in a thread with you.

    I don't remember the details, but there's a vulnerability in AES 256, so I recommend the "AES-128 PFS" Policy.  That also should be much faster than your current IPsec encryption algorithm.  Depending on your hardware, compression can slow down throughput, so I agree that you should try with that off.

    Also as suggested above, you should try testing apples to apples.  FTP direct and then FTP through the tunnel to the same server.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to Alexander Busch

    Different files. The VPN for data snapshot replication.

     

    Turn off/on compression not work for this. Even remove and recreate the policy.

  • 0 in reply to Robert Yount

    Yes, will setup the FTP server on their PC and further test on this.

  • 0 in reply to BAlfson

    Changed to the default AES-128 PFS Policy, the VPN connection is not working.

     

    The compression on/off method is not work, the upload speed still same.

     

    Will setup the FTP server on their side and test again.

  • 0 in reply to LeeHwa

    You must change the Policy on both ends - or did you mean that changing to AES 128 made no difference?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML