Slow Internet Speeds

Hello World,

 

I replaced my CheckPoint firewall with the Sophos XG firewall. With CheckPoint I was averaging about 800mb down and 900mb up. I have a 1GIG fiber connection. With sophos i'm struggling to get 300mb down and just over 500mb up. 

 

I recall seeing an article or two on the best recommended settings to achieve the fastest internet speeds possible via the Sophos XG firewall. 

 

Anyone know where I can relocate the KB and/or does anyone have any recommended settings I could use to achieve the highest speeds possible.

 

I searched several speed related post in this community and tried several to no avail. 

 

Thanks for all responses. 

  • Hi,

    please check you IPS settings more than likely you are seeing high high false attacks.

    Ian

  • Hi BobbyDigital,

    First of all check if DoS & Spoof Protection is enabled? Is there any DoS attack logged? I would also suggest you to check log viewer while running speed test, change log type to IPS and check if traffic being dropped? Have you noticed high CPU or memory? 

    If it is not IPS or DoS, I would suggest you to get SSH access to the firewall and check if there are any interface level errors or packet drops on the interface level. 

    You can use "ifconfig <Interface name>".

    I wold also suggest you to check the interface speed by running "ethtool <Interface name>".

    Thanks,

     

  • In reply to H_Patel:

    DO& Spoof protection is disabled. 

    IPS is only detecting and logging.

    ifconfig shows no errors on the outside interface.

    CPU is running under 5% and memory utilization is maxing out at about 30-35%.

    I'm going to test creating a new rule with no extra security features enabled. I will report back after running a few test.

    If anyone has any other recommendations I am willing to test them out. 

  • Hi BobbyDigital,

     

    There are no defined steps to check on issues with speed, so we usually try multiple ways as mentioned below:

     

     

    Try checking how much speed we are getting from ISP on XG's console using below command.

    wget --no-check-certificate -O - raw.github.com/.../speedtest_cli.py | python

     

    1) Try Creating a plain firewall rule and ensure the traffic flows through the same. everytime use incognito window to check the same.

    2) Check DNS settings and test the same from sophos GUI.

    3) Try turning off Strict Policy using below command.

    Console>set advanced-firewall strict-policy on/off

    4) Try tweaking "set advanced-firewall" parameters.

    5) Toggle application classification / microapp discovery using below commands.

    system application_classification on/off

    system application_classification microapp-discovery on/off

    6) Check for drop packets.

    7) try turning off AV, IPS and application classification.

    8) try changing port negotiation from Auto to 100 Full n 100 Half ( This is only recommended when you are infront or nearby the device as you may lose connectivity)

    9) try changing MSS from 1460 to 1452 and to 1280 MTU MSS ( This is only recommended when you are infront or nearby the device as you may lose connectivity)

     

    Below KB from Cyberoam can be useful to test various methods.

    https://community.sophos.com/kb/en-us/131244

     

    If none of them helps then I feel you need check the sizing.

    Try opening a support case at "support@sophos.com" to investigate further.

    Before opening the ticket, ensure you have the output or proof, where in you can prove that you were getting higher speed before swapping.

     

    Regards,

    Sanjay

  • Hi,

     

    First thing, what appliance you had with checkpoint, and what appliance you currently have with sophos xg?

    Both Checkpoint and Sophos uses x86 on their appliances, so It's good to know what you had before.

    Also how are you testing your internet speed? html5 speedtest? Iperf? Or your using something like Cisco Trex, Avalanche Commander?

     

    Thanks.

  • In reply to Prism:

    I was using a 2800 Checkpoint appliance. one of their least powerful appliances by far. 

    I'm using several speed test sites to test my speed. 

    I read another thread to which a user was using FIOS and having the same issue and sophos recommended firewall rule changes and moving the rules to the top. I booked mark the thread but I am no longer able to access it as the thread may have been removed and/or deleted.

    I'm open to any and all suggestions. 

    Thank you to everyone for your responses thus far.

  • In reply to BobbyDigital:

    BobbyDigital
    I was using a 2800 Checkpoint appliance. one of their least powerful appliances by far. 

    Thanks, but what Sophos appliance your currently using? If It's a self build appliance, then what CPU your currently using?

     

    Also something to put in mind, Depending on what speed test your using, If It only spawns a single connection, you will be forced to use only a Single Core on XG.

    Also what version your running on it? v17.5.x or v18 EAP?

     

    Some questions about your rules:

    1) You're using IPS?

    2) Do you have DOS Protection enabled?

    3) Is there QoS being applied?

     

    Thanks,

  • In reply to Prism:

    Yes. Self Built appliance for testing. AMD Quad core / 8gigs of memory using only 6. (home license)

     

    version - 17.5.9 MR-9

    1.) IPS is only in logging mode. 

    2.) DOS is DISABLED

    3.) No QOS rules 

     

    Thank you

  • In reply to BobbyDigital:

    BobbyDigital
    Yes. Self Built appliance for testing. AMD Quad core / 8gigs of memory using only 6. (home license)

     

    2 Things:

    1) What CPU model your currently running? Ryzen? Athlon?

    2) Can you disable IPS in your rule and to the speedtest again? Depending on the CPU you have you should see line-rate throughput, on both download and upload.

     

    Your throughput on XG while using IPS will be fully dependent on what your CPU is capable off.

     

    Thanks,

  • In reply to Prism:

    1.) AMD Ahtlon 

    2.) I disabled IPS and I created a new firewall with absolutely nothing enabled and my speed only increase minimally. 

     

    my CPU is at 2% and memory at 33%.

     

    Thanks

  • In reply to BobbyDigital:

    Same problem here, guys.

     

    Any response?