Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 41 subscribers
  • Views 5154 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL - Terrible speed

ADH

Reaching out here before calling support as its tricky to try and solve this with users connected and having to get them to redownload config files for changes. 

Running 17.5.7. We have TCP enabled and get about 1.5MB/ps on SMB share access.  We tried changing to UDP which bumped us to 2.4MB/ps.  We have a 500Mb connection.  Our other settings are as follows.  Any recommendations to try and get this up?

Compression off

AES-128-CB

SHA2 256

2048Bit



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    Please check the system graphs and check WAN interface usage.

    Please check DOS settings for UDP flood and bypass SSL VPN port from it, if applied

    What is the ISP speed of the user system connect over SSL VPN?

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • 0 in reply to Keyur

    Hello,

     

    Interface usage was low and the end-user has Gig internet.   These tests have been tried on other end users as well. 

    What setting are you referring to for flood protection? There are no IDS/Scanning on the firewall rule for the SSL access. 

  • 0 in reply to ADH

    In XG, you can configure DOS Protection (Flood Protection) which will lead into speed problems, because XG will drop packets, which has to be re transmitted by the client. 

     

    Actually SSLVPN Traffic could be slow because of the way, the packets are transmitted. 

    If you start to lower MTU Size on Server, and Server XG Interface, will the speed be boosted? 

    Also lowering the MTU Size of the WAN Interface? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Won't lowering MTU cause other issues?  We only experience problems with SSL VPN.  I don't want to mess around with the server MTU as internally this all works fine

  • 0 in reply to ADH

    SSLVPN could be connected to MTU size issues. If you have a lower MTU size on the Endpoint / WAN interface. Each packets needs to be re transmitted with a proper MTU. That causes a huge delay, so to speak slow performance.

    There are plenty of old threads about this (Take a look at UTM / XG, should be the same for this). 

    __________________________________________________________________________________________________________________

Reply
  • 0 in reply to ADH

    SSLVPN could be connected to MTU size issues. If you have a lower MTU size on the Endpoint / WAN interface. Each packets needs to be re transmitted with a proper MTU. That causes a huge delay, so to speak slow performance.

    There are plenty of old threads about this (Take a look at UTM / XG, should be the same for this). 

    __________________________________________________________________________________________________________________

Children
Unfiltered HTML