Slow downloads on smartphones connected over AP

Hi,

we have a WiFi running for our smartphones mainly to update Android and apps. WiFi is offered through an AP55. Only smartphones can connect based on their MAC address. There is an own firewall rule for these connections with the following options active: HTTP scanning, block Google QUIC, detect zero day malware with Sandstorm, Scan FTP.

Unfortunately downloads are very slow. App updates take a long time and Android updates are canceled at a certain point by the smartphone itself.

As all updates are done over secure socket layer protocol and HTTPS scanning is not active I wonder what could be the reason. I checked the IP addresses that are used during update and always got to https://r3---sn-h0jeened.gvt1.com/ and https://r4---sn-h0jeened.gvt1.com/ so I excluded gvt1.com from HTTPS scanning, malware scanning and sandstorm. But also this showed no improvement on download speed.

Currently I wonder if the throughput of the AP55 is that slow?

 

Does anybody have any suggestions? Thanks.

  • In reply to LuCar Toni:

    ManBearPig

    I am just trying to help you with some hints. 

    I know. Thank you so much for your help! MTU was the keyword. :)

     

    Support indeed can't change MTU value, but currently we're testing with a lower MSS value and this looks very promising. I will keep you informed.

  • In reply to dja:

    dja
    Support indeed can't change MTU value, but currently we're testing with a lower MSS value and this looks very promising. I will keep you informed.

    It's curious. It worked for our testing Wifi, but if we change these values for our productive Wifis, it doesn't work. :-/

  • In reply to dja:

    How many voucher do you loose, if you recreate the wireless part? 

    There you could plan a little downtime and recreate everything. I would go with this way, if there are not many voucher currently in business. 

    Or you escalate the case via support to get a solution. 

  • After many many many tests we now have a solution for us. Indeed the MTU is the key. MSS remains unchanged.
    We changed our MTU to 1400, now everything works fast.

    Connect via SSH > 5.  Device Management > 3.  Advanced Shell:
    ifconfig <wifi_name> mtu 1400

    This is only a non-persistent solution. Sophos Support will create a startup-script for us, so this value will be set on every appliance boot.

  • In reply to dja:

    Did you get any hint if there will be a fix in an upcoming release of the firmware? A startup script isn't something I'd like to implement...

  • In reply to Jelle:

    I still go with the way to clear everything and reconfigure it to resolve this. 

    As far as i can tell, this is not on the dev track because it is already resolved for nearly everybody couple of months ago. 

  • In reply to Jelle:

    Jelle
    Did you get any hint if there will be a fix in an upcoming release of the firmware?

    Nope not really. They said there are constant Sophos-internal PM / Dev discussions and this is very customer-specific. So we just have to wait.

  • In reply to dja:

    Hello,

    we currently have the same problem with one of our customers. The XGs were all newly installed and shipped with the v17.

    The whole time there was the problem that clients were disconnected after 5 to 10 minutes. Only in separate zones.

    Now we had updated to the newest version and the MTU on all networks stands at 1450. Only with 17.1.3. Everything is fine on the devices before the update.

    Creating everything new comes at 15 XGs with captive portal 100 vouchers on the day actually out of the question.

     

    Will also adjust the MTU but hope for a fix

  • In reply to dja:

    Hi  

    Would it be possible to please PM me with your support case ID for follow up?

    If anyone else is also affected by a similar wireless MTU issue outlined in this thread, please raise a support case and send me a PM with your ID for followup.

    Thanks,

  • As a little info. Today I noticed the same behavior on a SG UTM with a customer.

    Here is the MTU value also 1450. Even if you assign the network an AP. But here only the AP 55c. If I take the AP 50 or 30 does not happen