I've recently installed an XG230, on a symetrical 300/300 business fiber connection, provided by swiss ISP Swisscom.
We used to have a 100/100 business fiber connection with another ISP, which was controlled on an old Cisco router.
The old router was decommissioned and removed, as it was unable to handle a 300/300 connection.
I got a user in Australia, which has been working using a L2TP VPN for years, and the connection used to be really stable and fast enough for him.
I've been testing all types of Remote Access VPNs with him over the last week ( SSLVPN/TCP, SSLVPN/UDP, IPSec, L2TP):
No performance difference between SSLVPN TCP or UDP, while I thought UDP should be a bit faster. The end-user also mentionned the new VPN is definitely slower than the previous one.
Also, we noticed VPN was disconnecting automatically, I can see it in the Authentication logs, but the configuration is set not to disconnect idle clients!
Is there anything that could automatically disconnect users ? Also, why would a VPN be slower on Sophos XG, compared to a old Cisco 1901?
In IPsec, the key life time of the connection is set to 4 hours. Which means, after 4 hours the keys will renewed, leading to a reconnect. If you have OTP setup, this means, each and every 4 hours the…
In IPsec, the key life time of the connection is set to 4 hours. Which means, after 4 hours the keys will renewed, leading to a reconnect. If you have OTP setup, this means, each and every 4 hours the client has to enable another OTP token.
For SSLVPN, you can configure this value to a longer time.
I do have activated the OTP for all users, as this is a mandatory security features for us.
I'll try adjusting the settings for the SSLVPN, thanks for the tip.
Do you have any idea of what could be throttling the VPN speed ?
It's 3-4 times slower than the older VPN we had, and this is causing some trouble for users when copying large files. Can Sophos Support do something for us ?
You can try to figure out, if the MTU Size will help in any case on the client itself. (changing the OVPN file of the client).
Check the CPU of the hardware while doing a file transfer, if a module is max out in CPU.
Check for the latest Firmware.