Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect - slow and freezing connections for SMB and RDP

I'm using Sophos XG 4500 v19 and we have noticed that connections to SMB servers when using Sophos connect remote access with default IPSEC profile are slow and unresponsive.

DoS protection is off  and we are not using traffic shaping.

Any Ideas ?



This thread was automatically locked due to age.
  • This helps with IPsec issues  - thanks a lot

  • Reply from technical support "the issue has now been resolved after disabling IPsec acceleration.

    Just for your information, there are no known bugs for IPsec acceleration in V19. Both firewall acceleration and IPsec acceleration are enabled by default and this is supposed to ensure increased performance in terms of IPsec."

  • Now IPSec runs without performance issues.

  • I can also attest that disabling ipsec-acceleration fixed SMB browsing/folder loading issues with a client running XGS2100 and Sophos Connect with IPSec VPN.

  • I am so glad I stumbled on this thread. I just spent the day pulling what's left of my hair out trying to figure out why SMB was almost unusable but other protocols were fine.. I did these steps and they seem to have done the trick

    Thanks!

    Jeff

  • the issue has now been resolved after disabling IPsec acceleration.

    well, I hope that is not the long term "solution"...?

  • We are running XGS3300 SFOS 18.5.2 MR-2-Build380
    We are having SMB speed issues between on-prem firewall and Sophos virtual firewall running in Azure. Case #05611513

    Sophos support offered no troubleshooting when I asked them if this could be MTU size related since we are having issues with anything larger than 1378 bytes over the tunnel. They replied with the following:

    Access the Sophos Firewall console via SSH.
    Select 5. Device Management > 3.  Advanced Shell.
    Run the command: cish
    Run the command “ system ipsec-acceleration disable”

    I'm going to try this but it would be nice to know if we should do some troubleshooting first.

  • Hi Guys, I have a weird issue where my remote access users (Sophos Connect IPsec) are getting slow speeds all of them maxes out at 20mb up/down. We have a 1gb link at our offices and a lot of the users has at least 200mb connection

    We don't have any Qos or Traffic shaping configured and also no IPS 

    I have also disabled the ipsec-acceleration and the firewall-acceleration with no improvements 

    The ipsec one only helped for pages taking long to load.

    Has anyone come across this issue before? 

  • Yes I'm still dealing with this (or similar). Ours is faster (around 25-35mbs on average) with a 500mbs connection at the office and 70mbs at the client side. I'm on macOS and have been trying different vpn clients in case that's the issue. The built-in Mac client connects but dns doesn't work because MacOS won't allow me to adjust the service order of IPSEC (Cisco) for some reason. I can't get any other client app to establish a connection at all. Been checking back here for a while now hoping someone came up with something.

    I'd also like to know if, because of my 70mbs connection, if 25-35 as good as I should expect. Does IPSEC generally cut speed by half?

    Thanks,

    Jeff