I'm using Sophos XG 4500 v19 and we have noticed that connections to SMB servers when using Sophos Connect remote access with the default IPsec profile are slow and unresponsive.
DoS protection is off and we are not using traffic shaping.
Any ideas?
For users reporting this, please share your Case ID, so this issue can be brought to GES with a higher priority.
In the meantime users that remain on v19 and using XGS hardware, can you check if…
Did you run your firewall with older firmware before and was performance OK there?
Is this for all users or only some?
We've once had SMB (no RDP) performance issues over VPN caused by software-based file encryption on the SMB file server. This was not noticeable in LAN, only VPN.
RDP via Sophos Connect VPN client seems to be OK on Windows but is disconnecting on Mac OS. SMB is slow both in Windows and Mac OS. I can't confirm if this was ok on the old firmware.
Can see the same behavior after upgrade to v19. We also have file servers behind an IPsec between two Sophos XG with v19. After downgrade to 18.5.3 the performance is back.
Can we compare the settings of the default "DefaultRemoteAccess" IPsec policy, which is used for Remote Access in v18.5, with v19?
Is it possible, that there is now default IPS or whatever enabled for the IPSec packets causing high delay and that this scanning was not active in v18.5?
You could try disabling IPS and ATP for a moment and reconnect IPSec VPN.
This is v18.5 MR3:
Don't have v19 running.
We can confirm the behavior as well. However, only SMB access from the VPN client to the servers is slow. The other way around seems to be ok.
Same settings as in v19
I have the issue on XGS 4500 but not on XG 550, both running the latest v19 firmware and the same remote access config. Site-to-site IPsec is OK; just VPN clients via Sophos Connect have SMB issues, and Mac clients have issues with RDP and SMB over VPN.
We can see the issue with SMB mainly on the IPsec site-to-site between Azure and our HQ.
We need to know what caused this issue.
Try to look at a tcpdump, conntrack output and drop-packet capture of those connections, to see if there is any relationship to this situation.