I just set up a new Sophos Firewall on my Dell XPS tower (testing). It was all working nice, I was getting about 230 Mbps bandwidth from fast.com. Then I enabled DoS from Intrusion Prevention --> DoS & spoof protection [tab] --> DoS settings. I clicked the checkbox for SYN flood, UDP flood, TCP flood, and ICMP/ICMPv6 flood. Then my bandwidth went to crap. The max download speeds I get are ~9 Mbps. Ammm.... I missing something? I even tried setting my WAN port to 1000 Mbps - Full Duplex. Advanced Threat Protection is also disabled.
I'm using firmware SFOS 18.5.1 MR-1-Build326 (updated from the initial build I downloaded (SFOS 18.0.5 MR-5-Build586).
I found this page but it's a little outdated so the instructions aren't the same as my GUI, plus the discussion has been locked: https://community.sophos.com/sophos-xg-firewall/f/discussions/95693/extremy-slow-internet-speed.
please disable TCP setting and try again.
Thanks, that worked. But now I need to look up what that exactly is and whether it's needed....
no, you don't need TCP DDOS for home use. I have mine permanently disabled along with most of the other items because my security cameras break the other items. Though I must try them again after the last IPS update.
Good to know. My setup is only temporary. I have Unifi equipment for home use but I'm testing this Sophos router so I know how to configure basic firewall and NAT settings, IPS, DoS, and a site-to-site VPN to an AWS VPC. We also plan on using the WAF feature but I don't have the resources at home to test that -- no biggie. I also want to set up VPN but need to look up which is the best way to do it in 2021 (I'm guessing SSL VPN ??). I know PPTP is out of the question. We will be using the Sophos Firewall at our data center for production use in the coming months. I just wish I could have more than a measly 30-day eval on this thing. Seems way too little. Really appreciate your time, I believe you were also helping me with the NIC compatibility recently So, when we have this in production mode at our data center (for business use), will we also need to disable TCP settings?
that question I cannot answer, you would need to ask your reseller or even one of the Sophos forum support team might chime in.
There are settings that can be fine tuned if you find you need the TCP DDOS function.
There is always the options of a home user licence for what you are experimenting with, though that will require a rebuild.
Thanks. Do you know of any settings to fine tune the three existing settings I have enabled? (SYN flood, UDP flood, and ICMP/ICMPv6 flood). I ended up disabling all DoS settings since I could easily notice lag/latency. Google maps for example, when I zoom in/out, it takes seconds to refresh vs instant like usual. Same with random websites. I'll notice some images don't load and I have to refresh once or twice. When I turn off those three settings, everything is snappy again. I can't imagine this behavior being acceptable in a production biz environment. In Control Center --> CPU & Memory, my "CPU" hasn't gone above 3% since I installed the firewall, and "Memory" is at a steady 50%, so I can't imagine it's hardware related.