This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PPPoE connection on XGS 2100 SFOS 19.0.0 GA-Build31 - slow page loading

Hi, 

I have problem with pppoe connection which I don't know how to solve 

MTU 1492

MSS 1452

no web policy

no ips

no DoS

tried changing port (on port 2 connection was terrible)

Problem is that pages are loading slow, after I press "enter" on url nothing happens for 10 seconds and then it start to looking for page. I checked on multiple pc's, diferent browsers and directly plugged to lan port (without other clients).  Internet speed is about 200 mbps faster on ISP equipment. Behind XG I get around 350 download and 200 upload. 

Maybe this has to do something with dns but I don't know how to troubleshoot.

Thanks. 

Carlo



This thread was automatically locked due to age.
Parents
  • Hi Carlo

    How about you connect PPPoE directly on laptop and what speet test shows ? and output for ipconfig /all for windows system ?

    Please take SSH access of the device and Login to console and execute the command system diagnostics show syslog

    Save the PPPoE interface configuration and check the output command for PPPoE and share the output.

    You may also execute the command show pppoe connection status

    Please refer the below link and update the ppoe configuration : 

    https://support.sophos.com/support/s/article/KB-000035683?language=en_US

    The web GUI only shows the PPPOE WAN connection MTU value of 1500, and this is the physical interface. The command-line interface (CLI) shows the physical interface and the logical interface. The physical interface for the WAN connection in the CLI has an MTU value of 1500. The logical interface displays an MTU of 1492 and is always deducted by eight due to the PPPOE overhead. 

    The only way to drop the MTU for a PPPOE connection is through the web GUI. For example, if the physical interface is 1500 and an MTU of 1484 is required by the PPPOE connection, drop the physical interface to 1492.

    To change the mss or mtu use below command

    console> set network mtu-mss PortB mtu <value> mss <value>

    Thanks and Regards

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Thank you for answering.

    Output's

    console> system diagnostics show syslog
    Jul 22 18:52:33Z localhost pppd: Port2.995: peer from calling number XX:4D:29:EX:XX:XX authorized
    Jul 22 18:52:36Z localhost pppd: Port2.995: Failed to create /etc/ppp/resolv.conf: Read-only file system
    Jul 22 18:52:36Z localhost pppd: Port2.995: local  IP address xxx.xxx.xxx.xxx
    Jul 22 18:52:36Z localhost pppd: Port2.995: remote IP address 10.0.0.1
    Jul 22 18:52:36Z localhost pppd: Port2.995: primary   DNS address 18x.xxx.xxx.1
    Jul 22 18:52:36Z localhost pppd: Port2.995: secondary DNS address 10.0.0.1
    Jul 22 18:52:40Z localhost ipsec_starter: expanding file pattern '/_conf/ipsec/connections/*.conf' failed: No such file or directory
    Jul 22 18:52:40Z localhost up_tunnels_on_id(): Making connections on interfaceid 3 up or add (as per their auto= configuration)
    Jul 22 18:52:40Z localhost ipsec_starter: expanding file pattern '/_conf/ipsec/connections/*.conf' failed: No such file or directory
    Jul 22 19:01:26Z localhost cish: session opened from console
    

    console> show pppoe connection status
    
    
    -----   PPPoE Connection Status   -----
    
            Port2(xxx.xxx.xxx.xxx)   : Connected
    

  •   Hi Carlo 

    Please share current status  for interface speed after expanding Port 2 under Advance setting and logs for below command

    tail -f /log/dgd.log

    tail -f /log/networkd.log

    tail -f /log/dnsgrabber.log

    console>tcpdump ‘host sophos.com

    Might below command helps?

    console> set network mtu-mss Port2 mtu 1492 mss 1412

    Thanks 

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Reply Children
  • Hi Carlo 

    Can you check if the status for DNS is resolving properly from GUI with Test lookup ?

    Please go Configure -->Network -->DNS-->DNS Configuration, click on Test  Name lookup and add sophos.com click the Test connection?

    Have you checked the issue with mss as per the below command from CLI?

    console> set network mtu-mss Port2 mtu 1492 mss 1412

    Thanks 

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • After I execute that command I cannot browse internet any more. Need to return to old settings 1492/1444

  • does this mean something? 

  • Hi Carlo 

    Please check the status for the below commands 

    system appliance_access show 

    system firewall-acceleration show

    Thanks 

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • console> system appliance_access show
    Appliance access disabled.
    console> system firewall-acceleration show
    Firewall Acceleration is Enabled in Configuration.
    Firewall Acceleration is Loaded.
    

  • Hi Carlo 

    can you disable firewall acceleration and check website loads ?

    Thanks

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Since when you identified the issue, any change done on upstream router and caused the issue?

    May be live session is required to generate proper  logs and investigate the issue along with packet flow from Sophos firewall 

    Have you raised support case ?

    Thanks

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Carlo 

    Please check if there is no issue with mss too as tcpdump you shared not having enough information 

    console> set network mtu-mss Port2 mtu default  mss 1380 

    Please revert the old settings if no change is found 

    Aslo, check the interface negotiation 100FD or 100HD ,you may also check if there is any negotiation issue between WAN or LAN with the next-in-line device.

    Open Console go to Option 4 and type ethe command

    console > system dia uti band       "press 'u' twice"

    Check if there is any error's E/S  (error/second)

    If so then lower the link speed.

    Also, another step provide us the output of the command;

    Console> sh net interfaces

    Thanks 

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Carlo 

    Please check SSL/TLS Inspection logs as well and share the output 

    Thanks 

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.