XG reduced bandwidth after time

Hello everyone,

I am using Sophos XG home version (17.0.6 MR-6) and am seeing strange behaviour on my WAN.

I have a 250/25 Mbit line from my local ISP, which is working fine in general.

 

In general, when running a bandwidth test I get 230-240 Mbit down + 25 Mbit up - as expected.

But after a couple of hours/days my bandwidth is reduced. The results vary from something below 1 Mbit up to maximum bandwidth.

I have contacted the support of my ISP and they told me that everything is fine. In addition to that, I have also plugged a device directly into the WAN cable and got the full bandwidth.

 

From my point of view, my XG is slowing my bandwidth down.

 

To resolve the issue I usually need to shut down the firewall, power off the cable modem and restart both. Then I get my ordinary bandwidth back.

 

To be honest: I do not have any clue why this is happening!?

 

In addition to that, my XG also stops routing for some seconds, meaning that I am not able to query any of my VLAN subnets.

So far I have found nothing in the log files.

 

 

Does anyone have an idea how to start troubleshooting that dilemma?

 

Regards,

Mathias

  • Hi Mathias,

    Sorry to hear about these issues you have been experiencing.

    For background information, how is your XG home firewall deployed? What does the resource usage of the XG look like when these strange issues occur?

  • Hi Mathias,

    Is your XG on a VM? The slowdown behaviour indicates that one of your networks is or has failed. The XG becomes very slow when the external network goes down. What do the stats in your modem show?

    Ian

  • In reply to FloSupport:

    Good morning Flo,

     

    My XG home runs on my old server: Intel Xeon E3-1220 v2 (1155 Socket), 16 GB RAM, 2 NICs, 1 TB HDD.

    Regarding the average usage: I would say that in general it is similar to the ordinary workload - but I will have an explicit look next time.

  • In reply to rfcat_vk:

    Good morning Ian,

     

    No, my XG runs on its own hardware (see above).

    The only thing that comes to my mind would be: my WAN port (Port 2) is manually set to 1000 Mbit full duplex. When it is set to "Auto" I only get 100 Mbit half duplex.

     

    In general the modem does not show anything which indicates that it is not working as expected - also my ISP mentioned that the modem is not showing any strange behaviour.

     

    Mathias

  • In reply to FloSupport:

    Okay, so I now get 150 Mbit instead of 250 Mbit down - upload is still 25 Mbit.

    The resource usage is very low: 2 % CPU, 19 % RAM, 22 sessions

  • In reply to Mathias Mühlbacher:

    Hi Mathias,

    Check the modem network setting and see if it will run auto or at least 1000 Mb/s full duplex; it sounds like the modem is the weak point.

    Then check your IPS settings and disable the one with lots of hits; you can fine-tune the IPS and build your own rule when you have identified the issue.

    Ian

  • In reply to rfcat_vk:

    Hello,

    You may run this command on the console to check if there is any error on the interface that may have been caused due to a negotiation issue.

    console > sh net interfaces

    Also, for a live error check you may go to

    console > system diagnostics utilities bandwidth-monitor

    and enter 'u' twice.

    You should get this table, and ideally the values should be 0:

    Bandwidth Monitor, (Sampling at every 0.500s), press 'h' for help

      -         iface                   Rx                   Tx                Total
      ==============================================================================
                Port4:            0.00 E/s             0.00 E/s             0.00 E/s
            Port3.502:            0.00 E/s             0.00 E/s             0.00 E/s
                Port1:            0.00 E/s             0.00 E/s             0.00 E/s
            Port2.503:            0.00 E/s             0.00 E/s             0.00 E/s
              GuestAP:            0.00 E/s             0.00 E/s             0.00 E/s
                Port3:            0.00 E/s             0.00 E/s             0.00 E/s
               vxlan2:            0.00 E/s             0.00 E/s             0.00 E/s
                reds1:            0.00 E/s             0.00 E/s             0.00 E/s
               wlnet1:            0.00 E/s             0.00 E/s             0.00 E/s
           vxlan2.101:            0.00 E/s             0.00 E/s             0.00 E/s
                   lo:            0.00 E/s             0.00 E/s             0.00 E/s
               ipsec0:            0.00 E/s             0.00 E/s             0.00 E/s
                 tun0:            0.00 E/s             0.00 E/s             0.00 E/s
                Port2:            0.00 E/s             0.00 E/s             0.00 E/s
                 imq0:            0.00 E/s             0.00 E/s             0.00 E/s
      ------------------------------------------------------------------------------
                total:            0.00 E/s             0.00 E/s             0.00 E/s
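
An added example, not part of the original thread: because the slowdown described here is intermittent, a single look at the error view can miss it, so this sketch parses several saved copies of that screen and reports the peak Rx/Tx error rate per interface. The screen text below is constructed sample data in the layout shown above; the function names are hypothetical.

```python
import re

# One table row: "<iface>:  <rx> E/s  <tx> E/s  <total> E/s"
ROW = re.compile(
    r"^\s*(?P<iface>[\w.\-]+):\s+"
    r"(?P<rx>\d+(?:\.\d+)?) E/s\s+"
    r"(?P<tx>\d+(?:\.\d+)?) E/s\s+"
    r"(?P<total>\d+(?:\.\d+)?) E/s\s*$"
)

def parse_error_rates(text):
    """Return {iface: (rx, tx)} in errors/second, skipping the 'total' row."""
    rates = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group("iface") != "total":
            rates[m.group("iface")] = (float(m.group("rx")), float(m.group("tx")))
    return rates

def interfaces_with_errors(screens):
    """Across several captured screens, return peak (rx, tx) for ifaces that ever erred."""
    peaks = {}
    for text in screens:
        for iface, (rx, tx) in parse_error_rates(text).items():
            if rx > 0 or tx > 0:
                old = peaks.get(iface, (0.0, 0.0))
                peaks[iface] = (max(old[0], rx), max(old[1], tx))
    return peaks

# Constructed sample captures (not real output from the poster's firewall).
CLEAN = """Bandwidth Monitor, (Sampling at every 0.500s), press 'h' for help
  -         iface                   Rx                   Tx                Total
            Port1:            0.00 E/s             0.00 E/s             0.00 E/s
            Port2:            0.00 E/s             0.00 E/s             0.00 E/s
            total:            0.00 E/s             0.00 E/s             0.00 E/s
"""
ERRORS = """Bandwidth Monitor, (Sampling at every 0.500s), press 'h' for help
  -         iface                   Rx                   Tx                Total
            Port1:            0.00 E/s             0.00 E/s             0.00 E/s
            Port2:            3.50 E/s             1.50 E/s             5.00 E/s
            total:            3.50 E/s             1.50 E/s             5.00 E/s
"""

if __name__ == "__main__":
    print(interfaces_with_errors([CLEAN, ERRORS]))
```
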

  • In reply to Aditya Patel:

    Hello everyone,

     

    thanks for your suggestions!

    I have done the above-mentioned steps to see if there are any errors - no, there aren't any errors, neither via "sh net interfaces" nor via "system diagnostics utilities bandwidth-monitor" commands.

     

    Regarding point of failure = modem: I don't think that it is the modem. Besides that, I am not able to check any settings as it is the property of the ISP.

    Another reason why (from my perspective) the modem is not guilty is that my VLAN routing is not working from time to time as well.

    Devices are up and running properly (all VMs).

     

    Mathias

  • In reply to Mathias Mühlbacher:

    Hi Mathias,

    You may try to run this command and check if this would improve the performance.

    console > system firewall-acceleration disable