Reaching out here before calling support, as it's tricky to try and solve this with users connected and having to get them to redownload config files for changes.
Running 17.5.7. We have TCP enabled and get about 1.5MB/ps on SMB share access. We tried changing to UDP which bumped us to 2.4MB/ps. We have a 500Mb connection. Our other settings are as follows. Any recommendations to try and get this up?
Hi ADH,

Please check the system graphs and check WAN interface usage.

Please check DoS settings for UDP flood and bypass the SSL VPN port from it, if applied.

What is the ISP speed of the user system connected over SSL VPN?
In reply to Keyur:
Interface usage was low and the end-user has Gig internet. These tests have been tried on other end users as well.
What setting are you referring to for flood protection? There is no IDS/scanning on the firewall rule for the SSL access.
In reply to ADH:
In XG, you can configure DoS Protection (Flood Protection), which will lead to speed problems, because XG will drop packets, which have to be retransmitted by the client.
Actually, SSL VPN traffic could be slow because of the way the packets are transmitted.
If you start to lower the MTU size on the server and the server XG interface, will the speed be boosted?
Also lowering the MTU size of the WAN interface?
In reply to LuCar Toni:
Won't lowering MTU cause other issues? We only experience problems with SSL VPN. I don't want to mess around with the server MTU, as internally this all works fine.
SSL VPN could be connected to MTU size issues. If you have a lower MTU size on the endpoint / WAN interface, each packet needs to be retransmitted with a proper MTU. That causes a huge delay, so to speak, slow performance.
There are plenty of old threads about this (take a look at UTM / XG, should be the same for this).
Can you please provide some examples regarding that MTU? ;)
In reply to Roman klisiewicz:
There are many examples in the community, which lead to the MTU.
No client or server would have had MTU size changes made, so I would expect they are all at Windows defaults. Is this common for SSL VPN with all companies like Meraki, Palo Alto, and Fortinet, for example?
So this is an issue with OpenVPN? Sorry, I'm not a networking expert. I'm skeptical any large companies deploying this would be hacking up server MTU sizes etc.
So it looks like the problem isn't SSL VPN - I just built up an L2TP connection and have the same problem. We have a basic firewall set up. Any idea? I guess I will open a case.
Hi ADH, please PM us the service request number once you open a case with support.