This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect 2.0 IPSec VPN Slowness with XG Firewall

I'm trying to figure out a issue we've had for a while using Sophos Connect IPSec connections.  In general small file transfers (say 5Mb or less) from a client to a file server happen very quickly, within seconds as expected.  But larger file transfers take a while for no reason.  For example:

5Mb PDF : 4 seconds

15Mb PDF : 26 seconds

This seems to ring true for almost anything including large emails or other files.  Smaller emails and files are quick but larger take forever and the ratio isn't linear (like above example).

The firewall is a XG310 Gen 2 with 19.0 firmware up to date (happened on 18.* also, upgrading to 19 didn't help).  The clients are all Windows 10 using Sophos Connect 2.0 IPSec connections.  The antivirus being used is Sophos Endpoint w/Intercept x.  The internet in this office is a fiber 500/500 and speed tests result in consistent 450-ish / 480-ish results.  The users whos file saving results are above has a home 500/500 fiber connection.  Using they get 470/490 on their normal internet and get 60/60 when connected to our VPN. 

Is this normal and if not where do I start with troubleshooting?

This thread was automatically locked due to age.
  • Hello there,

    Thank you for contacting the Sophos Community.

    Do you have an open case for this? if not I would recommend you to get one open.

    For the troubleshooting, you would need to do some packet captures, when the issue is happening and especially if you’re able to reproduce, the issue, so they can be compared.

    Check also if you see any DoS or dropped packets when the issue is happening.

    Try running this command from the Console of the XG (5>4) see if it helps

    console> set ips ac_atp exception fwrules 1,2

    Where 1,2 is the number of the Firewall Rule, in your case would be the VPN to LAN/DMZ rule.

    See if TCP Window Scaling and and Seq are enabled

    console> show advanced-firewall

    If they’re try disabling it for testing purposes

    console> set advanced-firewall tcp-seq-checking off

    console> set advanced-firewall tcp-window-scaling off

    to re-enable

    console> set advanced-firewall tcp-seq-checking on

    console> set advanced-firewall tcp-window-scaling on

    but the most important would be the tcpdump from the Firewall and a Wireshark capture in the client and server. 


    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • We do not have an open but that is something I can do. I'm not positive if this is a firewall or an endpoint issue at this point. I know we have a similar issue when programmers push new builds of software through the VPN. Locally in the office that process is taking about 45 seconds for 100 MB of files. Yet when they do the same thing through the VPN it can take upwards of 30 minutes to push the same 60 some files.