Configuring VPN Remote Access for the first time on your Sophos XG Firewall? Check out this useful Community post!
We'd love to hear about it! Click here to go to the product suggestion community
I have an XG 125 with an AP55C and AP55. Full signal strength throughout the entire building.
My Guest WiFi experience is horrible, and Sophos support doesn't seem to know why. We're talking 1-2Mb/s slow when they are paying for 25Mb/s. Their main internal WiFi that is bridged to AP LAN gets 25Mb/s. But their guest wifi only gets 1-2Mb/s. I am not throttling the traffic in any way. I have tried only a 5GHz band, and only a 2.4GHz band, and different channels, etc... same result.
One thing I did try that fixed the problem is changing Client Traffic from "Separate" to "Bridge to AP LAN". For some reason keeping it separate is severely restricting the traffic, but I have no idea why... I obviously don't want to Bridge to AP LAN for a Guest network. Has anyone had similar experiences with slowness when using a Separate client zone? Is there a way to overcome it? Please note that the problem still happens whether I set the zone to "Guest" (which I created), or "WiFi", or even "LAN".
I know my policies are too lax right now -- they are intentionally so until I get to the bottom of this slowness issue when using the Guest network. I don't believe it's a policy issue because when I set the zone for the Guest network to be "LAN" or "WiFi" it uses the main LAN to WAN policy, and I know that policy works fine because my main Bridge to AP LAN WiFi network works flawlessly. Soooo... why does choosing "Separate Zone" make my Guest WiFi slow to a crawl, and how do I fix it?
Here's some screenshots of my settings:
Can you try with a private ip range (like you did for your LAN) and see if that changes anything ?
10.100.0.1 as example
Regards - Raf
I wanted to ask you if the MTU hack solved your separated zone wifi problem.
Happy Holidays and a great New Year.
In reply to MarkusSchlüter:
I have a Shuttle barebone with 2 network adapaters (WAN / LAN) and the MTU hack did neiter solve nor improved my wifi performance problem in separated zones.
Any other idea?
If I am correct 'Separate Zone' is a special case of VLAN - checking the log files, etc. regarding 'vxlan' entries.
Did anyone try to solve this performance problem by using real VLANs instead of 'Separate Zone'?
If anyone knows if this solves the problem, I would be willing to give it a try :-P
In my case it would mean a few hours of work and it would be nice to know beforehand if I can expect an improvement.
Problem solved since SFOS 16.05.2 :-)