I'm using Sophos XG 4500 v19 and we have noticed that connections to SMB servers when using Sophos connect remote access with default IPSEC profile are slow and unresponsive.
DoS protection is off and we are not using traffic shaping.
Any Ideas ?
For users reporting this, please share your Case ID, so this issue can be brought to GES with a higher priority.
In the meantime users that remain on v19 and using XGS hardware, can you check if…
Did you run your firewall with older firmware before and was performance OK there?
Is this for all users or only some?
We've once had SMB (no RDP) performance issues over VPN caused by software based file encryption on the SMB file server. This was not noticable in LAN, only VPN.
RDP via Sophos Connect VPN client seems to be OK on Windows but is disconnecting on Mac OS. SMB is slow both in Windows and Mac OS. I can't confirm if this was ok on the old firmware.
Can see the same behavior after upgrade to v19. we also have file servers behind a ipsec between two sophos xg with v19. after downgrade to 18.5.3 the performance is back.
can we compare the settings of the default "DefaultRemoteAccess" IPSec Policy, which is used for Remote Access in v18.5 with v19?
Is it possible, that there is now default IPS or whatever enabled for the IPSec packets causing high delay and that this scanning was not active in v18.5?
You could try disabling IPS and ATP for a moment and reconnect IPSec VPN.
This is v18.5 MR3:
DDon't have v19 running.
We can confirm the behavior as well. However, only SMB access from the VPN client to the servers is slow. The other way around seems to be ok.