This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

slow rdp through the XG

Hi everyone, I have a strange behavior with a rdp connection.
The RDP server is located externally and a PPTP vpn must be established to connect.
Connecting from any computer in my office that is protected by a sophos XG v18 the RDP connection is very slow and hangs very often, with the same computers if I use the hotspot of the phone the RDP connection is very fast.
The ping to the remote server is always stable with 40 ms of latency.
Hoping it was a problem with the internet provider I tried to connect a computer directly to the router excluding the firewall but in this way it works well, so obviously the problem is the firewall.
I made an allow rule that excludes all AV/WEB/IPS/APP controls, but the situation does not improve.

I honestly don't know what to check and what this behavior may have caused.



This thread was automatically locked due to age.
Parents
  • Hello @Luc_GLLM,

    Since it is not very clear, i am assuming that the PPTP is not configured on the XG, but on any other router/Firewall and the clients connect the PPTP via Sophos XG

    Have you enabled any DoS Protection on XG ? if yes, please try disabling it to see if the problem still persists or not.
    Also, are you using SSL / TLS inspection on the XG ? If yes, may want to try by disabling it / exclude the relevant traffic and see if that helps.

    Let me know the outcomes once you have tried the above steps.

Reply
  • Hello @Luc_GLLM,

    Since it is not very clear, i am assuming that the PPTP is not configured on the XG, but on any other router/Firewall and the clients connect the PPTP via Sophos XG

    Have you enabled any DoS Protection on XG ? if yes, please try disabling it to see if the problem still persists or not.
    Also, are you using SSL / TLS inspection on the XG ? If yes, may want to try by disabling it / exclude the relevant traffic and see if that helps.

    Let me know the outcomes once you have tried the above steps.

Children
  • sorry I was not very clear, however you understood correctly.
    Unfortunately neither DOS protection nor SSL / TLS inspection is active

  • Thanks for the info.

    Since you've mentioned that the ping is stable, i am considering the PPTP connection is also very stable.

    Can you check if there is any packets dropped on the XG ? To see that, pls follow below steps:

    1. SSH into the XG
    2. Option 5 > Option 3 for the advanced shell
    3. run the command " drppkt port 3389" (Change the port if using any custom port)

    If you see any drops, you may also be able to see the reason.

    Please post the drops here so that we can also have a look.

    Also, when you tested the connection by excluding the XG, were you using the same public IP that was configured on XG or a different one?

  • very nice command drppkt, did not know it.
    However there are no dropped packets, I have tried with both the port and the host.
    When I did the test without firewall I used the same public ip