This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Active Firewall Rules Graph

Hi everyone,

First, let me start by saying that I am extremely new to the Sophos world, so this may be a silly question.

I am trying to troubleshoot an issue we are having. End users are experiencing a pretty slow web browsing experience. Much slower than usual, we have a 500/50 internet connection coming into the facility. I have checked with the ISP and they cannot find any issues on their end. SO, I have landed at our sophos device for troubleshooting.

I'm thinking back before this issue started, I used to see a lot more blue on that graph than there is currently. But to be honest I don't actually know exactly what that graph is telling me. Can someone explain the graph? Another thing I noticed, is that my Bandwidth will drop extremely low at times. Can anyone point me in the right direction? This is a Sophos XG310 running 17.5.10 MR-10 running in HA mode.

Thanks!

This thread was automatically locked due to age.

0 LuCar Toni over 6 years ago

Wondering, you are only having 4 Firewall rules in total on a XG310?

360 Sessions in total looks like, you do not have many users behind this XG?

I would start to verify the current bandwidth available on the XG kernel.

Log into the Shell and try a Download directly to the kernel.

wget -O /dev/null http://speedtest.dal01.softlayer.com/downloads/test100.zip

From those performance numbers, i would suggest to work on the next steps.

If the performance is good, something within the Linux configuration or behind XG is causing your performance issue.

If the performance is bad, something in front of XG(ISP) is causing the issue.

__________________________________________________________________________________________________________________
- 0 Zachary Ballard over 6 years ago in reply to LuCar Toni
  
  Hello!
  
  Thank you for your response. We have about 100 users.
  
  I will try your suggestion above and get back to you.
  
  Thanks again!
- 0 Zachary Ballard over 6 years ago in reply to LuCar Toni
  
  Hello. I am getting a Network is unreachable when trying to do the test.
  - 0 LuCar Toni over 6 years ago in reply to Zachary Ballard
    
    Try some other links like: http://ipv4.download.thinkbroadband.com/1GB.zip
    
    __________________________________________________________________________________________________________________
  - 0 Zachary Ballard over 6 years ago in reply to LuCar Toni
    
    Here are the results.
  - 0 LuCar Toni over 6 years ago in reply to Zachary Ballard
    
    12 mb/s looks fine to me.
    
    If you download the same file with your browser - How fast is the download?
    
    __________________________________________________________________________________________________________________
  - 0 Zachary Ballard over 6 years ago in reply to LuCar Toni
    
    Looks to be about the same.
  - 0 LuCar Toni over 6 years ago in reply to Zachary Ballard
    
    500 Mbit/s - I would expect something ~62.5 mb/s.
    
    Not 12 mb/s. As you received the same performance on Linux, the assumption, there is something broken on your ISP.
    
    Suggestion: Check your Interface of XG to your ISP: ethtool and ifconfig would be interesting.
    
    __________________________________________________________________________________________________________________
  - 0 Zachary Ballard over 6 years ago in reply to LuCar Toni
    
    Thats what I was thinking. Pretty slow for the amount of speeds we are paying for.
    
    My wan port on the XG is port 2. What commands could I run to find some info? Sorry, im not very good with linux.
    
    Thanks!
0 rfcat_vk over 6 years ago

Hi,

the colour i the graph show the traffic being passed by the type of rule based on the colours of your active firewall rules just above the graph. I would not worry about the values shown in the graph they are more an indication that your have active users. Please check the diagnostics tab to see more realistic network traffic values. Ian

XGS118 - v22.0 EAP

XG115 converted to software licence v21.5.0

If a post solves your question please use the 'Verify Answer' button.
0 lferrara over 6 years ago

Zachary,

the graph mentioned is useless. You can understand if the usage of users rules is higher than Network rule and vice-versa.

Use the Connection list inside Diagnostics or use iftop from advanced shell.

The speed seems to be very low. Check the Traffic shaping settings under system settings.

Regards
- 0 Zachary Ballard over 6 years ago in reply to lferrara
  
  Hello!
  
  Here is the statistics from my WAN port
  
  Also, here is my traffic shaping settings.
  - 0 Zachary Ballard over 6 years ago in reply to Zachary Ballard
    
    Also,
    
    Here are the graph related to my Wan interface. Users are complaining of slow browsing and I am also noticing that browsing is slow and sometimes times out.
    
    My ISP, while not very trustworthy, says they see no issue. I don't believe them to be honest. I suppose the cable modem could be having issues??
  - 0 lferrara over 6 years ago in reply to Zachary Ballard
    
    Zachary,
    
    first of the traffic shaping settings is expressed in Kbytes.
    
    Second:please share more details of: dns server used, http scanning and ips settings.