Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 59 replies
  • Answers 1 answer
  • Subscribers 37 subscribers
  • Views 12175 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PPPoE connection on XGS 2100 SFOS 19.0.0 GA-Build31 - slow page loading

Carlo

Hi, 

I have problem with pppoe connection which I don't know how to solve 

MTU 1492

MSS 1452

no web policy

no ips

no DoS

tried changing port (on port 2 connection was terrible)

Problem is that pages are loading slow, after I press "enter" on url nothing happens for 10 seconds and then it start to looking for page. I checked on multiple pc's, diferent browsers and directly plugged to lan port (without other clients).  Internet speed is about 200 mbps faster on ISP equipment. Behind XG I get around 350 download and 200 upload. 

Maybe this has to do something with dns but I don't know how to troubleshoot.

Thanks. 

Carlo



This thread was automatically locked due to age.
Parents
  • 0

    Hi Carlo

    How about you connect PPPoE directly on laptop and what speet test shows ? and output for ipconfig /all for windows system ?

    Please take SSH access of the device and Login to console and execute the command system diagnostics show syslog

    Save the PPPoE interface configuration and check the output command for PPPoE and share the output.

    You may also execute the command show pppoe connection status

    Please refer the below link and update the ppoe configuration : 

    https://support.sophos.com/support/s/article/KB-000035683?language=en_US

    The web GUI only shows the PPPOE WAN connection MTU value of 1500, and this is the physical interface. The command-line interface (CLI) shows the physical interface and the logical interface. The physical interface for the WAN connection in the CLI has an MTU value of 1500. The logical interface displays an MTU of 1492 and is always deducted by eight due to the PPPOE overhead. 

    The only way to drop the MTU for a PPPOE connection is through the web GUI. For example, if the physical interface is 1500 and an MTU of 1484 is required by the PPPOE connection, drop the physical interface to 1492.

    To change the mss or mtu use below command

    console> set network mtu-mss PortB mtu <value> mss <value>

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    Thank you for answering.

    Output's

    console> system diagnostics show syslog
Jul 22 18:52:33Z localhost pppd: Port2.995: peer from calling number XX:4D:29:EX:XX:XX authorized
Jul 22 18:52:36Z localhost pppd: Port2.995: Failed to create /etc/ppp/resolv.conf: Read-only file system
Jul 22 18:52:36Z localhost pppd: Port2.995: local  IP address xxx.xxx.xxx.xxx
Jul 22 18:52:36Z localhost pppd: Port2.995: remote IP address 10.0.0.1
Jul 22 18:52:36Z localhost pppd: Port2.995: primary   DNS address 18x.xxx.xxx.1
Jul 22 18:52:36Z localhost pppd: Port2.995: secondary DNS address 10.0.0.1
Jul 22 18:52:40Z localhost ipsec_starter: expanding file pattern '/_conf/ipsec/connections/*.conf' failed: No such file or directory
Jul 22 18:52:40Z localhost up_tunnels_on_id(): Making connections on interfaceid 3 up or add (as per their auto= configuration)
Jul 22 18:52:40Z localhost ipsec_starter: expanding file pattern '/_conf/ipsec/connections/*.conf' failed: No such file or directory
Jul 22 19:01:26Z localhost cish: session opened from console


    console> show pppoe connection status


-----   PPPoE Connection Status   -----

        Port2(xxx.xxx.xxx.xxx)   : Connected

  • 0 in reply to Bharat J

    does this mean something? 

  • 0 in reply to Carlo

    Hi Carlo 

    Please check the status for the below commands 

    system appliance_access show 

    system firewall-acceleration show

    Thanks 

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J 

    console> system appliance_access show
Appliance access disabled.
console> system firewall-acceleration show
Firewall Acceleration is Enabled in Configuration.
Firewall Acceleration is Loaded.

  • 0 in reply to Carlo

    Hi Carlo 

    can you disable firewall acceleration and check website loads ?

    Thanks

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Carlo

    Since when you identified the issue, any change done on upstream router and caused the issue?

    May be live session is required to generate proper  logs and investigate the issue along with packet flow from Sophos firewall 

    Have you raised support case ?

    Thanks

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Carlo

    Hi Carlo 

    Please check if there is no issue with mss too as tcpdump you shared not having enough information 

    console> set network mtu-mss Port2 mtu default  mss 1380 

    Please revert the old settings if no change is found 

    Aslo, check the interface negotiation 100FD or 100HD ,you may also check if there is any negotiation issue between WAN or LAN with the next-in-line device.

    Open Console go to Option 4 and type ethe command

    console > system dia uti band       "press 'u' twice"

    Check if there is any error's E/S  (error/second)

    If so then lower the link speed.

    Also, another step provide us the output of the command;

    Console> sh net interfaces

    Thanks 

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Carlo

    Hi Carlo 

    Please check SSL/TLS Inspection logs as well and share the output 

    Thanks 

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Carlo

    How can I check information obtained from isp using pppoe connection from cli? Assigned dns servers ipv4 address etc 

    This is something from ISP. If this is blocked on port 67 maybe I'm not receiving all required information.

  • 0 in reply to Carlo

    Hi Carlo 

    Logs not showing proper information 

    below are the logs for three way handshake done : 

    console> tcpdump 'host central.sophos.com
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 byt es


    19:54:08.884274 PortA, IN: IP 172.16.16.19.62523 > 54.77.73.158.443: Flags [SEW], seq 4023372657, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    19:54:08.885725 PortB, OUT: IP 10.0.3.13.62523 > 54.77.73.158.443: Flags [SEW], seq 4023372657, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    19:54:09.043715 PortB, IN: IP 54.77.73.158.443 > 10.0.3.13.62523: Flags [S.], seq 3930167411, ack 4023372658, win 26883, options [mss 1412,nop,nop,sackOK,nop,wscale 8], length 0
    19:54:09.044316 PortA, OUT: IP 54.77.73.158.443 > 172.16.16.19.62523: Flags [S.], seq 3930167411, ack 4023372658, win 26883, options [mss 1412,nop,nop,sackOK,nop,wscale 8], length 0
    19:54:09.045283 PortA, IN: IP 172.16.16.19.62523 > 54.77.73.158.443: Flags [.], ack 1, win 1025, length 0
    19:54:09.045668 PortB, OUT: IP 10.0.3.13.62523 > 54.77.73.158.443: Flags [.], ack 1, win 1025, length 0
    19:54:09.048375 PortA, IN: IP 172.16.16.19.62523 > 54.77.73.158.443: Flags [P.], seq 1:518, ack 1, win 1025, length 517
    19:54:09.049676 PortB, OUT: IP 10.0.3.13.62523 > 54.77.73.158.443: Flags [P.], seq 1:518, ack 1, win 1025, length 517

    Can you re generate the logs and share the output showing three way handshake is getting completed as well what mss value is getting hit on firewall ?

    Thanks 

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0 in reply to Carlo

    Hi Carlo 

    Logs not showing proper information 

    below are the logs for three way handshake done : 

    console> tcpdump 'host central.sophos.com
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 byt es


    19:54:08.884274 PortA, IN: IP 172.16.16.19.62523 > 54.77.73.158.443: Flags [SEW], seq 4023372657, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    19:54:08.885725 PortB, OUT: IP 10.0.3.13.62523 > 54.77.73.158.443: Flags [SEW], seq 4023372657, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
    19:54:09.043715 PortB, IN: IP 54.77.73.158.443 > 10.0.3.13.62523: Flags [S.], seq 3930167411, ack 4023372658, win 26883, options [mss 1412,nop,nop,sackOK,nop,wscale 8], length 0
    19:54:09.044316 PortA, OUT: IP 54.77.73.158.443 > 172.16.16.19.62523: Flags [S.], seq 3930167411, ack 4023372658, win 26883, options [mss 1412,nop,nop,sackOK,nop,wscale 8], length 0
    19:54:09.045283 PortA, IN: IP 172.16.16.19.62523 > 54.77.73.158.443: Flags [.], ack 1, win 1025, length 0
    19:54:09.045668 PortB, OUT: IP 10.0.3.13.62523 > 54.77.73.158.443: Flags [.], ack 1, win 1025, length 0
    19:54:09.048375 PortA, IN: IP 172.16.16.19.62523 > 54.77.73.158.443: Flags [P.], seq 1:518, ack 1, win 1025, length 517
    19:54:09.049676 PortB, OUT: IP 10.0.3.13.62523 > 54.77.73.158.443: Flags [P.], seq 1:518, ack 1, win 1025, length 517

    Can you re generate the logs and share the output showing three way handshake is getting completed as well what mss value is getting hit on firewall ?

    Thanks 

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Children
  • 0 in reply to Bharat J

    When I run command from shell nothing happens 

    XGS2100_RL01_SFOS 19.0.0 GA-Build317# tcpdump host central.sophos.com
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes

^C
0 packets captured
536 packets received by filter
528 packets dropped by kernel

  • 0 in reply to Carlo

    Hi Carlo 

    follow below step or use option 4 

    XGS2100_RL01_SFOS 19.0.0 GA-Build317#cish 

    console> tcpdump 'host central.sophos.com

    Thanks 

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    Same result 

    Sophos Firmware Version SFOS 19.0.0 GA-Build317

console> tcpdump 'host central.sophos.com
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
^C
0 packets captured
75 packets received by filter
67 packets dropped by kernel

  • 0 in reply to Carlo

    Hi Carlo

    what about Google.com ?

    getting same result ?

    Thanks

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML