Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG 18 MR3 DPI slow download

Hi all,

after going from decrypting HTTPS traffic by proxy to the dpi engine my download performance dropped massivly.

I am on a SG 230 hardware where the XG 18 MR3 is installed on.

Taking the same side downloading an ISO file via HTTPS with proxy and SSL decryption a get 100mbit/s troughput which is the max of my internet connection.

switching to DPI I get arround 16mbit/s. If a start a second, third download an so on I can max out my internet connection.

switching back and forth between proxy and dpi I can always reproduce this.

this happens only to HTTPS sessions with DPI turned on.

The load on the FW is never higher than 20% while testing.

Could there be an issue that DPI is somehow limiing the throughput within a session? No QoS is defined...

I tried different DPI policies and nothing changed the behavior.

Thanks for your help


This thread was automatically locked due to age.
  • Hi, i have the same problem. My internetconnection has 250Mbit. With DPI on, i get round about 50Mbit...

    The strange thing, if i turn DPI off, i get 250 Mbit again. If i turn on DPI again, i get still 250 Mbit. But after serveral hours it falls at 50 Mbit and stucks there.

    Until i switch off DPI again

  • Hello Wiregard, could it be that this can be explained that still the old (non DPI) connection is used when turned off? After a few hours it establishes a new (DPI)connection?

Reply Children
No Data