Very slow or non-functional GoToMeeting, Microsoft Teams, etc.

For anyone experiencing a multitude of weird dropped communications issues like us, it appears all UDP traffic (including streaming audio/video, RDP, VoIP, etc.) through the firewall is affected (drop-outs) when what should be completely unrelated IPSec VPN connections made to the firewall via Sophos Connect clients.

So each time one of our 350 users connects or disconnects their Sophos Connect client, all UDP traffic currently streaming through the firewall drops for potentially several seconds for all users trying to view something. I have no idea why these things are related and there's actually no evidence of this in the logs but running the "set-vpn" disable command found in this KB article seems to have resolved it. https://community.sophos.com/kb/en-us/127785

It's still unclear on what the longer-term ramifications for disabling this might be as I haven't received a straight answer from support.

Anyway, the magic never stops with Sophos XG!

Do you have "Scan audio and video files" turned off?

Now we're trying disabling IPS in a rule specifically applying to those users having the issue though there is no log evidence IPS is the culprit. This is difficult since I don't know who or when in regards to these audiovisual conference meetings. Our usual IPS rule is a basic "LAN to WAN" rule we've used for years.

I have noticed apps being defined as proxy apps being blocked in app filters during audiovisual conferencing. The blocked IP addresses correspond to Microsoft, GotToMeeting, LogMeIn, etc. The technician did not seem to think this was an issue but it definitely seems weird to me.

Thank you! I believe I am scheduled for another call with the technician in a few hours.

Hi ken9000 

Thanks for sharing the service request number, I will check and inform you further.

PM-ed you the service request #.

Hi ken9000 

Thank you for sharing details, DoS setting is not applied in the firewall, it would be great if you could PM me the service request number so that I can check the history and observation of the support engineer, it would help us to assist you better. 

I believe DOS is disabled based on this but let me know where to check if not.

Total Available WAN bandwidth is set to the max of 2560000

Optimize for real-time VOIP was set to off but I have turned it back on per your recommendation.

Here's our current bandwidth usage from that button. Does this look right?

Priority 	Guarantee(KBps) 	 Limit(KBps) 
------------------------------------------------------------------
       0 	   15950.00		 256000.00    
       1 	       0.00		      0.00    
       2 	       0.00		      0.00    
       3 	       0.00		      0.00    
       4 	       0.00		      0.00    
       5 	       0.00		      0.00    
       6 	       0.00		      0.00    
       7 	       0.50		    192.00    
------------------------------------------------------------------
       7 	       1.00		 100000.00 (Default Policy)
------------------------------------------------------------------
Total    	   15951.50		 356192.00     

Total Available WAN Bandwidth: 2560000 KBps 

Thanks for the reply and offer of help! PM sent.