
Should we use the "Compress SSL VPN traffic" setting or not?

We have a Sophos XG 550 rev. 2 unit. We have 60 or 70 users utilizing Sophos XG SSL VPN at different times to remote into our network. Almost all of them utilize Remote Desktop for the purpose after connecting. We have some users complaining of lag or outright freezes in the remote desktop session. There is little information as to why this is happening, as the XG isn't overworked at the times they have reported the problem, and sometimes it will work for that user for days before acting up again. We have gotten conflicting information on whether to check the "Compress SSL VPN traffic" setting or not.

Is anyone using this setting and if so did it actually help with remote desktop performance if your users are utilizing that program?  We already use UDP for SSL VPN and I want to know for sure if I should use this before I jump into checking it.  Any insight is appreciated.



This thread was automatically locked due to age.
  • Hi,

    There have been known vulnerabilities with compression in OpenVPN since 2018. If you want more information about this, look here:

    https://openvpn.net/security-advisory/the-voracle-attack-vulnerability/

    Is anyone using this setting and if so did it actually help with remote desktop performance if your users are utilizing that program?

    In reality it doesn't help a lot on performance, but be sure to talk with the support about this, they will have more information than me.

    Also, what version are you running on the XG 550? There are lots of known issues with performance that should be (hopefully) fixed by v18 MR3.

    Thanks!


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall
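
Added example, not part of the reply above and not Sophos or OpenVPN code: a small audit that reports whether an OpenVPN-format client configuration turns compression on, which is the condition the linked VORACLE advisory is about. It assumes the SSL VPN client configuration is available as OpenVPN-style text; the sample config and the function name `audit_compression` are constructed for illustration.

```python
import re

# Constructed sample client config (not taken from any real deployment).
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.com 8443
# comp-lzo adaptive   <- commented out, must be ignored
comp-lzo yes
cipher AES-256-GCM
"""

# Argument values per directive; "" means the directive was given with no argument.
# Bare "comp-lzo" defaults to adaptive compression; bare "compress" and the
# stub values keep only the compression framing and compress nothing.
COMPRESSING = {"comp-lzo": {"", "yes", "adaptive"},
               "compress": {"lzo", "lz4", "lz4-v2"}}
FRAMING_ONLY = {"comp-lzo": {"no"},
                "compress": {"", "stub", "stub-v2"}}

def audit_compression(config_text):
    """Return (line_number, directive_text, verdict) for each compression directive."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        # Simplification: treat '#' or ';' anywhere on the line as a comment start.
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        parts = line.split()
        if not parts or parts[0].lower() not in COMPRESSING:
            continue
        name = parts[0].lower()
        arg = parts[1].lower() if len(parts) > 1 else ""
        if arg in COMPRESSING[name]:
            verdict = "compression enabled"
        elif arg in FRAMING_ONLY[name]:
            verdict = "compression off"
        else:
            # Unknown value: do not guess, leave it to a human.
            verdict = "review manually"
        findings.append((number, line, verdict))
    return findings

if __name__ == "__main__":
    for number, directive, verdict in audit_compression(SAMPLE_OVPN):
        print(f"line {number}: {directive!r} -> {verdict}")
```
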

  • If it is a Windows RDS issue, you would have better luck using group policy to choose TCP instead of UDP. This makes RDS much more stable. 

    (Hope this isn't against forum rules)

  • RDP is already compressed, doing it again makes no sense at all. Compression needs time; even if it's little, it adds latency. Don't use compression with RDP.

    Bart van der Horst


    Sophos XG v18(.5) / v19 Certified Architect
    https://www.bpaz.nl

  • FormerMember

    Hi Josh,

    Using Compress SSL VPN won't give you the best performance.

    About your users' complaints, did you try using the IP address instead of the name of the machine?

    If you've got a lot of freezes using the SSL VPN, I would suggest you use the Sophos Connect client, as it uses IPsec.

    You will get a big improvement, as SSL is slower than IPsec. Let us know.

  • I looked at "Sophos Connect" but I didn't like that it involved 2 steps to install/configure (My end users will tar and feather me if I ask them to do this).  If it is indeed the future of VPN connectivity I will go that route but I really wish it were more streamlined.