
XGS2100 (SFOS 18.5.1 MR-1-Build326) the internet is so slow

Dear All


I am new to using this firewall and it was installed about a month ago on the network, but since it was installed, the speed of the Internet in the network is very slow, and the ping time exceeds 1000, and I do not have a roll to disable anything. Are there any suggestions?

This thread was automatically locked due to age.
  • Hi Karim 

    Please navigate to PROTECT > Intrusion Prevention and check whether the TCP DoS settings are applied. If yes, disable them and check.

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Thank you, Bharat, for your reply. I think it's disabled.

  • Hi Karim 

    Please check, with a source-IP-based firewall rule, the current internet speed you are receiving from the ISP.

    "Sophos Partner: Networkkings Pvt Ltd".


  • Troubleshooting Steps

    If you experience slow browsing in your network, follow the steps given below to troubleshoot the issue.

    Step 1: Verify DoS Settings

    One major reason for slow browsing is an ongoing DoS or DDoS attack. It may be possible that DoS settings are not enabled in Sophos XG, hence the attack was not detected, or the settings are inappropriate.

    For Troubleshooting:

    • Check if DoS Settings are enabled from the Dashboard, under the DoS Attack Status doclet.

    This is under PROTECT > Intrusion Prevention > DoS attacks

    • Check if DDoS-related IPS policies are configured: PROTECT > Intrusion Prevention > Policy Policies > Policy.


    If not configured prior, you can configure DoS and DDoS prevention mechanisms by referring to the article



    - Unless specifically advised by Sophos Support, do not enable the TCP Flood settings.

    - For optimum results, periodically check the DoS alerts and if any legitimate traffic is dropped, re-adjust the Packet rate per source and Burst rate per source values.

    - Configure a DoS Bypass Rule for a specific IP address if its legitimate traffic is dropped.




    Step 2: Check DNS Configuration

    The following may be the reasons for slow browsing:


    Case 1


    An internal DNS server is configured for LAN users and all DNS requests are directed to it. Issues with the Internal DNS Server or the External DNS Server, to which it forwards requests, may result in overall slow browsing.


    Resolution: To resolve this issue, contact appropriate administrators or Server vendors.


    Case 2


    Multiple ISP Links are terminated on Sophos and user systems are configured with a particular ISP’s DNS. In this case, the outgoing DNS traffic gets load-balanced. Hence, two (2) possibilities occur:

    - If a DNS request travels through the ISP Link whose DNS is configured in the user’s system, the request is resolved and the turnaround time is good.

    - If a DNS request travels through another ISP Link, the request is dropped because the DNS configured in the user’s system does not match the ISP’s DNS.


    This results in only some of the DNS requests in the network being resolved, which ultimately leads to slow browsing.


    Resolution: Configure a Static Route in Sophos XG that forwards all DNS Traffic to the ISP Link whose DNS is configured in user’s systems. You can configure Static Routes from CONFIGURE > Network > Static Route > Unicast.


    Case 3


    Sophos XG LAN IP is configured as DNS in user systems. Issues with DNS configuration in Sophos XG may lead to slow browsing. 


    Resolution: Follow the instructions given below to troubleshoot DNS configuration in Sophos XG

    1. Log in to Sophos XG Web Admin Console with the user having read-write administrative rights over relevant features.

    2. Go to CONFIGURE > System Services > Services to check if DNS Service is running. If service is stopped, restart it by clicking Start. If the issue persists, contact Sophos Support.

    3. If the DNS service is running, then check query response time by performing a Name Lookup of any domain like To perform Name Lookup, go to CONFIGURE > Network > DNS > DNS configuration and click Test Name Lookup
    4. as hostname and click Test Connection
    5. The following Result is displayed. The result is dependent on individual networks.
    6. Sophos XG resolves queries using DNS Servers in a top to bottom order. Hence, compare the response times of each Server and place the Server with the least response time at the top.


    It is recommended to use as the Primary DNS Server if Sophos XG is used as a Direct Proxy Server (Sophos XG LAN IP configured as Proxy Server in browsers) OR if Sophos XG LAN IP is configured as DNS in all user systems. is Sophos XG loopback local DNS Server which directly resolves queries from Root DNS servers and caches them locally. This ensures that repeat queries are resolved much faster.


    Step 3: Check for Packet Loss within the Network


    Loss of packets during transmission between network nodes may result in reduced browsing speeds.


    Resolution: To check for Packet Loss, follow the instructions given below.

    1. Log in to any network node and execute the PING command to any host on the Internet. For example, we have executed ping to from a Windows machine.
    2. Execute a trace route command to any host on the Internet to find out where the packet loss is taking place. For example, here, we have executed the tracert command to from a Windows machine.



    3. As shown above, packets are lost in transmission. A possible cause for it can be Bandwidth Congestion. To troubleshoot this issue:

       - Increase the available bandwidth in the network.

       - Optimize bandwidth usage in the network by Bandwidth Shaping or applying other QoS Policies using Sophos XG.


    4. Packets could also be lost while transmitting from network node to Internet if a certain kind of traffic is not allowed through Sophos XG. In Sophos XG, go to PROTECT > Rules and policies and check if any traffic is filtered out.


    5. Packet loss could also be a result of faulty network hardware or cables. Physically check the network nodes for loose cables or faults. If necessary, replace the faulty hardware.


    Step 4: Check for Interface Collisions and Errors

    Improper Link Speed and Duplex negotiation between Sophos XG WAN Port and upstream router can be a reason for lower browsing speeds. Another reason could be an IP Conflict between two (2) or more interfaces of Sophos XG.


    Resolution: To check for Interface errors, follow the instructions given below.


    1. Log in to Sophos XG CLI and choose option Sophos XG Console
    2. Execute the command:


          console> show network interfaces 


    If the drops on the interface on WAN Zone increase, change the cable.


    3. As shown, there should be no errors and dropped packets. If errors exist, execute the same command a few times and observe the number of errors. An increasing number of errors implies poor connectivity, and hence, slow browsing. To troubleshoot the issue:

       - Replace the cables connected to the interface(s) showing errors.

       - If Sophos XG is directly connected to an upstream router, insert a switch between them.


    4. The auto-negotiated Interface Speed should be a Full Duplex connection. If any interface has negotiated with a Half Duplex, manually set the Interface Speed to match that of the peer device. To set the interface speed:


    • Go to CONFIGURE > Network > Interface and select the required Interface.


    • Under Advanced Settings, select the appropriate Interface Speed to match the peer device. Here we have selected 100 Mbps Full Duplex.


    Step 5: Verify Gateway Failover Condition and Health of ISP Link

    The following may be the reasons for slow browsing:


    Case 1


    Improper Gateway Failover Condition might cause Sophos XG to detect inaccurate gateway status.


    Resolution: To verify Gateway Failover Condition, follow instructions given below.


    Go to CONFIGURE > Network > WAN link Manager and select the required Gateway to check its failover condition. We recommend keeping a failover condition that performs a check on either Global DNS Servers, like and, or other reliable Global IP Addresses on the Internet.



    Case 2


    Poor Internet connectivity on the gateway because of a fluctuating ISP Link leads to slow browsing.


    Resolution: To check Internet Connectivity, follow instructions given below.


    Go to MONITOR & ANALYZE  > Diagnostics > Tools and Ping any external host like with packet size 1000 using each Sophos XG WAN Port (Gateway).  


    If there are any errors or packet loss, contact your ISP. 


    Step 6: High Resource Utilization Exceeding Maximum Capacity

    High utilization of resources such as bandwidth and processors results in slow browsing.


    Resolution: Check resource utilization from MONITOR & ANALYZE  > Diagnostics > System Graphs. You can view live and historical information of CPU Usage, Memory Usage, Disk Usage, Load Average, Users information, WAN Zone and Interface Data. Here we have shown information for CPU and Memory Usage, and Interface Data.


    If you observe continuous high utilization of bandwidth on any WAN Interface reaching the Maximum bandwidth available from ISP, you can either consider increasing the Maximum Bandwidth Limit from the ISP or try analyzing surfing patterns in the network to apply appropriate Internet Access Policies like Web Filter, Application Filter and QoS Policies.


    If you observe continuous high utilization for any of the system resources like CPU or Memory, contact Sophos Tech Support.


    Step 7: The PLAIN Firewall Rule Check

    If the slow browsing issue still persists, perform the PLAIN Firewall Rule check. Create a firewall rule that allows all traffic without scanning, as shown below, and place it on top of all other firewall rules created.




    Once Plain Firewall Rule is created, contact Sophos XG Support for further analysis of security scanning process in your Appliance. 

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.
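
Step 4 in the post above says to run `show network interfaces` a few times and watch whether the error and drop counters keep increasing. The following is an added example, not part of the thread and not Sophos code, that compares two captured runs and reports only the counters that grew. It assumes the output uses the classic ifconfig-style counter layout; the sample text, port names and values are constructed.

```python
import re

# Constructed sample output (not from the thread), assuming the classic
# ifconfig-style layout; port names and counter values are made up.
RUN_1 = """\
Port1     Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          RX packets:10500 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9800 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
Port2     Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          RX packets:88000 errors:12 dropped:40 overruns:0 frame:12
          TX packets:61000 errors:3 dropped:0 overruns:0 carrier:0
          collisions:7 txqueuelen:1000
"""
# Second run a little later: Port1 is unchanged, Port2 counters have grown.
RUN_2 = (RUN_1.replace("errors:12", "errors:57").replace("dropped:40", "dropped:95")
         .replace("frame:12", "frame:57").replace("collisions:7", "collisions:31")
         .replace("packets:88000", "packets:91000"))

COUNTER = re.compile(r"(errors|dropped|overruns|frame|carrier|collisions):(\d+)")

def parse(text):
    """Return {interface: {"RX errors": n, "TX dropped": n, "collisions": n, ...}}."""
    stats, iface = {}, None
    for line in text.splitlines():
        words = line.split()
        if line[:1].strip():                    # unindented line starts a new interface
            iface = words[0]
            stats[iface] = {}
        elif iface and words:
            prefix = words[0] + " " if words[0] in ("RX", "TX") else ""
            for name, value in COUNTER.findall(line):
                stats[iface][prefix + name] = int(value)
    return stats

def increasing(before, after):
    """Counters that grew between two runs: {interface: {counter: delta}}."""
    old, new, report = parse(before), parse(after), {}
    for iface, counters in new.items():
        grew = {k: v - old.get(iface, {}).get(k, 0)
                for k, v in counters.items() if v > old.get(iface, {}).get(k, 0)}
        if grew:                                # static non-zero counters are not reported
            report[iface] = grew
    return report

if __name__ == "__main__":
    for iface, grew in increasing(RUN_1, RUN_2).items():
        print(iface, grew)
```

A counter that is non-zero but unchanged between runs (Port2 `TX errors` in the sample) is left out, since the step treats a rising count, not a historical one, as the sign of a bad cable or duplex mismatch.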