PPPoE connection on XGS 2100 SFOS 19.0.0 GA-Build31 - slow page loading

Hi, 

I have a problem with a PPPoE connection which I don't know how to solve.

MTU 1492

MSS 1452

no web policy

no ips

no DoS

tried changing port (on port 2 connection was terrible)

The problem is that pages load slowly: after I press "Enter" on a URL nothing happens for 10 seconds, and then it starts looking for the page. I checked on multiple PCs, different browsers, and directly plugged into the LAN port (without other clients). Internet speed is about 200 Mbps faster on ISP equipment. Behind the XG I get around 350 download and 200 upload.

Maybe this has something to do with DNS, but I don't know how to troubleshoot.

Thanks. 

Carlo



  • When I turn off the DNS service, browsing speed on clients improves.

  • Please show us your DNS settings

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 20.0 MR 1

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Carlo 

    Please set the DNS query configuration to "Choose server based on incoming requests record type", click Apply, and share the Test name lookup output for utm.cloud.sophos.com, community.sophos.com, google.com

    Thanks and Regards

    "Sophos Partner: Networkkings Pvt Ltd".


  • Hi Bharat,

    The screenshot was from my Sophos, not Carlo's.


  • Thank you. We tried all possible combinations for DNS through GUI but nothing seems to work. 

    I need support from Sophos and ISP for this one.

  • In the end, it is easy to find out who is responsible for this issue.

    Simply do a BPF string in Packet Capture on Diagnostic - Webadmin with: port 53 

    Then filter for your PPPoE Interface.

    If you see packets leaving the interface with the correct IP to the internet (DNS Server), the ISP is responsible for this issue. 


  • Can you please share the correct syntax?

  • port 53


  • I don't know how to read that

  • You read it from bottom to top. 

    So it looks fine from the perspective of getting a response. The question is what the response contains.

    Next step: Go to the Advanced shell (SSH - Option 5 and Option 3). 

    Then perform the following:

    tcpdump -ni Port2_ppp port 53 

    You should see the requests. 

    14:43:55.259292 PortB, IN: IP 168.63.129.16.53 > 192.168.0.4.6945: 59033 3/0/0 A 52.48.198.35, A 34.255.238.223, A 34.248.210.158 (136)

    That would be a valid response. 

    Please post a snippet from the Advanced Shell. 


  • XGS2100_RL01_SFOS 19.0.0 GA-Build317# tcpdump -ni Port2_ppp port 53
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on Port2_ppp, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    14:45:34.868822 Port2_ppp, OUT: IP XXX.XXX.XXX.XXX.46776 > 8.8.8.8.53: 36884+ A? www4.bing.com. (31)
    14:45:35.646632 Port2_ppp, OUT: IP XXX.XXX.XXX.XXX.41362 > 4.2.2.2.53: 23225+ A? login.microsoftonline.com. (43)
    14:45:35.774147 Port2_ppp, IN: IP 4.2.2.2.53 > XXX.XXX.XXX.XXX.41362: 23225 13/13/13 CNAME ak.privatelink.msidentity.com., CNAME www.tm.ak.prd.aadg.akadns.net., A 20.190.159.1, A 20.190.159.3, A 20.190.159.22, A 20.190.159.19, A 20.190.159.74, A 40.126.31.72, A 40.126.31.70, A 40.126.31.64, A 20.190.159.72, A 20.190.159.5, A 20.190.159.69 (718)
    14:45:36.526453 Port2_ppp, OUT: IP XXX.XXX.XXX.XXX.7200 > 8.8.8.8.53: 21982+ A? www.youtube.com. (33)
    14:45:36.526492 Port2_ppp, OUT: IP XXX.XXX.XXX.XXX.40443 > 8.8.8.8.53: 38953+ A? login.windows.net. (35)
    14:45:36.649795 Port2_ppp, IN: IP 8.8.8.8.53 > XXX.XXX.XXX.XXX.7200: 21982 8/13/13 CNAME youtube-ui.l.google.com., A 142.251.39.46, A 142.251.39.78, A 172.217.19.110, A 142.250.180.206, A 142.250.180.238, A 142.250.201.206, A 142.251.39.14 (598)
    14:45:36.654730 Port2_ppp, IN: IP 8.8.8.8.53 > XXX.XXX.XXX.XXX.40443: 38953 15/13/13 CNAME a.privatelink.msidentity.com., CNAME prda.aadg.msidentity.com., CNAME www.tm.a.prd.aadg.trafficmanager.net., A 20.190.159.22, A 40.126.31.64, A 20.190.159.1, A 20.190.159.69, A 40.126.31.68, A 40.126.31.70, A 20.190.159.3, A 20.190.159.72, A 20.190.159.5, A 20.190.159.19, A 40.126.31.72, A 20.190.159.74 (756)
    14:45:37.888640 Port2_ppp, OUT: IP XXX.XXX.XXX.XXX.13499 > 4.2.2.2.53: 15040+ A? www4.bing.com. (31)
    14:45:37.991261 Port2_ppp, IN: IP 4.2.2.2.53 > XXX.XXX.XXX.XXX.13499: 15040 5/13/13 CNAME www4-www4.bing.com.trafficmanager.net., CNAME www4.bing.com.edgekey.net., CNAME e86303.dscx.akamaiedge.net., A 2.23.97.241, A 2.23.97.178 (603)
    14:45:39.547224 Port2_ppp, OUT: IP XXX.XXX.XXX.XXX.37912 > 4.2.2.2.53: 59625+ A? www.youtube.com. (33)
    14:45:39.547272 Port2_ppp, OUT: IP XXX.XXX.XXX.XXX.27265 > 4.2.2.2.53: 1802+ A? login.windows.net. (35)
    14:45:39.572067 Port2_ppp, IN: IP 4.2.2.2.53 > XXX.XXX.XXX.XXX.37912: 59625 8/13/13 CNAME youtube-ui.l.google.com., A 172.217.19.110, A 142.250.180.206, A 142.250.180.238, A 142.250.201.206, A 142.251.39.14, A 142.251.39.46, A 142.251.39.78 (598)
    14:45:39.576643 Port2_ppp, IN: IP 4.2.2.2.53 > XXX.XXX.XXX.XXX.27265: 1802 15/13/13 CNAME a.privatelink.msidentity.com., CNAME prda.aadg.msidentity.com., CNAME www.tm.a.prd.aadg.trafficmanager.net., A 40.126.31.68, A 40.126.31.70, A 20.190.159.3, A 20.190.159.72, A 20.190.159.5, A 20.190.159.19, A 40.126.31.72, A 20.190.159.74, A 20.190.159.22, A 40.126.31.64, A 20.190.159.1, A 20.190.159.69 (756)
    14:45:39.990110 Port2_ppp, OUT: IP XXX.XXX.XXX.XXX.25728 > 1.0.0.1.53: 35522+ A? www.bing.com. (30)
    14:45:40.016627 Port2_ppp, IN: IP 1.0.0.1.53 > XXX.XXX.XXX.XXX.25728: 35522 5/13/13 CNAME www-www.bing.com.trafficmanager.net., CNAME www-bing-com.dual-a-0001.a-msedge.net., CNAME dual-a-0001.dc-msedge.net., A 13.107.22.200, A 131.253.33.200 (611)
    ^Ctcpdump: Unable to write output: Interrupted system call
    XGS2100_RL01_SFOS 19.0.0 GA-Build317#
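
The check described in the thread (queries leaving the PPPoE interface, replies coming back) can be done mechanically on a saved `tcpdump -ni Port2_ppp port 53` capture. The following is an added example, not part of any post in this thread: it pairs each outgoing query with its reply by client port, resolver IP and DNS transaction ID, and reports reply latency and queries that never got a reply. The function name `match_dns` is hypothetical, and the sample lines are abridged from the capture posted above (answer lists shortened).

```python
import re
from datetime import datetime

# Abridged from the capture posted in the thread (answer lists shortened).
SAMPLE = """\
14:45:34.868822 Port2_ppp, OUT: IP XXX.XXX.XXX.XXX.46776 > 8.8.8.8.53: 36884+ A? www4.bing.com. (31)
14:45:35.646632 Port2_ppp, OUT: IP XXX.XXX.XXX.XXX.41362 > 4.2.2.2.53: 23225+ A? login.microsoftonline.com. (43)
14:45:35.774147 Port2_ppp, IN: IP 4.2.2.2.53 > XXX.XXX.XXX.XXX.41362: 23225 13/13/13 CNAME ak.privatelink.msidentity.com., A 20.190.159.1 (718)
14:45:37.888640 Port2_ppp, OUT: IP XXX.XXX.XXX.XXX.13499 > 4.2.2.2.53: 15040+ A? www4.bing.com. (31)
14:45:37.991261 Port2_ppp, IN: IP 4.2.2.2.53 > XXX.XXX.XXX.XXX.13499: 15040 5/13/13 CNAME www4.bing.com.edgekey.net., A 2.23.97.241 (603)
"""

# timestamp, interface, direction, src.port > dst.port, transaction ID (+flags), rest
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) \S+, (?P<dir>IN|OUT): IP "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)(?P<flags>\S*) (?P<rest>.*)$")

def match_dns(capture):
    """Pair queries with replies; return (answered, unanswered) lists."""
    pending, answered = {}, []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # tcpdump banner, shell prompt, ^C line
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")  # assumes no midnight wrap
        if m["dir"] == "OUT" and m["dport"] == "53":
            q = re.match(r"(\S+)\? (\S+)", m["rest"])  # e.g. "A? www4.bing.com."
            name = q.group(2) if q else "?"
            pending[(m["sport"], m["dst"], m["id"])] = (ts, name)
        elif m["dir"] == "IN" and m["sport"] == "53":
            sent = pending.pop((m["dport"], m["src"], m["id"]), None)
            if sent:
                ms = (ts - sent[0]).total_seconds() * 1000
                answered.append((sent[1], m["src"], round(ms, 1)))
    # Whatever is still pending left the interface but saw no reply in the capture.
    unanswered = [(name, key[1]) for key, (_, name) in pending.items()]
    return answered, unanswered

if __name__ == "__main__":
    ok, lost = match_dns(SAMPLE)
    for name, resolver, ms in ok:
        print(f"answered   {name:<28} via {resolver:<8} {ms} ms")
    for name, resolver in lost:
        print(f"NO REPLY   {name:<28} via {resolver}")
```

A query listed as unanswered only means no reply was seen before the capture stopped, so capture for longer than the client's retry interval before drawing conclusions.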
