Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 14 replies
  • Answers 5 answers
  • Subscribers 44 subscribers
  • Views 31635 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

All Web pages loads very slowly with a fast internet connection

Samuel Venker

Dear Sophos Team,

 

Our company moved to the latest Sophos XG 105 (firmware SFOS 17.1.0 GA) with 15 users and we are overall very happy with it.

We currently only have the base firewall licence and shortly the network & web protection (license not received yet).

 

We have it coupled with a modem ZYXEL that acts as a PPPoE with a Fiber Optical line at 100mb/s up and down.

 

When we test the connection speed with speedtest.net, everything goes fast at 99 mb/s which is perfect.

However, when we are surfing, the speed to access a page is extremely slow like if the Sophos was doing many checks before grading the different elements.

Before the change to Sophos with exactly the same line, we didn't have such a slow down which makes us beleive that it is coming from the Sophos.

We have added a Firewall rule Lan-to-Internet which is very basic without any scanning or protection. Only Maskerading is ticked -> Without this, no internet access.

Can someone kindly help us to reslove this issue please ? I have attached different screenshot below.

 

THANKS in advance

Sam

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi Samuel Venker,

    You could start by checking the interface negotiation 100FD or 100HD ,you may also check if there is any negotiation issue between WAN or LAN with the next in-line device.

    Open Console go to Option 4 and typ ethe command

    console > system dia uti band       "press 'u' twice"

    Check if there is any error's E/S  (error/second)

    If so then lower the link speed.

    Also another step provide us the output of the command;

    Console> sh net interfaces

    You may obfuscate your Public Address for privacy and try to change the MSS value to 1452 and MTU to 1492.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Aditya Patel

    Hi Aditya,

    Thanks for your feedback. Very appreciated!

    I did what you just said but I am confused by the MTU changes.

    First, I checked the errors doing the "system dia uti band" and I don't get any errors:

     

    Then I do the cmd: sh net interfaces or ifconfig in advanced shell, this what I get:

    However, when I try to lower the MTU, it says that I need to have 48bytes difference which I believe I have...

    Am I changing it in the right place ? It is suprising that I cannot change the MTU. I tried to clicked "Overwrite MTU"

    Appreciate your help on this.

    Regards

    Sam

     

     

     

  • 0 in reply to Samuel Venker

    Hi Samual ,

    You can set the MTU the same and check if the connection speed would improve using MSS value is 1412.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Aditya Patel

    Hi Aditya,

    Still the same issue with the setting below...

    To give an example, I just loaded https://www.bbc.co.uk/  (from Firefox with private browsing) and it takes 30 seconds. It seems that every back and forth with the site are taking ages...

    If I use my 4G network on my mobile and share the connection via Wifi, it takes roughly 7 seconds.

    Any idea ?

  • 0 in reply to Samuel Venker

    Hello,

     

    Could you try to reboot the firewall and check if it's better?

    Viken

    XG Certified Architect

    Sophos Gold Partner - Reseller from Lyon, France

  • 0 in reply to VikenNajarian

    Hello,

    Still the same :-(

    A video with the Sophos: https://youtu.be/X9Jh5yN_lnw

    (I also tried directly on the LAN at 1000mb/s)

    A video with the 4G tethering: https://youtu.be/pDF5il8Diqc

     

    Any other idea please ?

    Regards

    Sam

  • 0 in reply to Samuel Venker

    What is the speedtest behind firewall ?

    I would remove direct connection between modem and firewall and use a switch to connect them. It is worth a try.

  • 0 in reply to Support Chn

    Here is the result of the speed test. All is perfect.

    I don't have a spare switch to put between the modem and the Sophos Firewall. I am actually suprised that you are suggesting this.

    For information, this morning I tested with our previous Router and everything is perfect with it. All webpages are loading very well !

    Please check the video where you see the page loading very quickly without the sophos (same modem, same wifi): https://youtu.be/0ZSH_KyZUIk

    I am tempted to request a refund as this is not wroking properly !

    Any other idea would be appreciate ?

    Sam

  • 0 in reply to Samuel Venker

    If you can download a file at full download speed behind firewall,i would check the DNS. If you are not finding any issues with DNS settings, we are running out of options.

  • 0 in reply to Samuel Venker

    Bonjour,

     

    Je me permets de vous répondre en Français car je vois que le speedtest est en français! 

    Effectivement comme le soulignent les autres personnes il pourrait s'agit d'un problème de DNS, ou alors d'un problème de configuration sur le Firewall.

    Sur quels serveurs DNS pointe le client sur lequel le test de connexion est effectué ?

    Viken

    XG Certified Architect

    Sophos Gold Partner - Reseller from Lyon, France

  • 0 in reply to Samuel Venker

    Hi SAM ,

     

    Best thing to check is by using a test website which has a low foot print, eg test website 103.23.140.55

     

    on the Console of the XG firewall check the packet flow using command console> tcpdump'host 103.23.140.55

     

    You could also try on bbc.com and share us the results . You may obscure the public address for privacy concern.

     

    Also Check if the setting would help MTU 1492 and MSS 1412 or 1380

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

Reply
  • 0 in reply to Samuel Venker

    Hi SAM ,

     

    Best thing to check is by using a test website which has a low foot print, eg test website 103.23.140.55

     

    on the Console of the XG firewall check the packet flow using command console> tcpdump'host 103.23.140.55

     

    You could also try on bbc.com and share us the results . You may obscure the public address for privacy concern.

     

    Also Check if the setting would help MTU 1492 and MSS 1412 or 1380

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

Children
  • +1 in reply to Aditya Patel

    Hi Aditya, VikenNajarian,

    IT WORKS !!!!!!!!!!!!!

     

    The error was that the DNS was on "Static DNS" with 192.168.1.1 only.

    I changed to "Obtain DNS from PPPoE" and rebooted the machine.

     

    Now all is fast and furious ! I also put back the MSS back to automatic which is 1452.

    Thanks for all your support !

    Sam

Unfiltered HTML