Hi,
I have a problem with a PPPoE connection which I don't know how to solve
MTU 1492
MSS 1452
no web policy
no ips
no DoS
tried changing port (on port 2 connection was terrible)
Problem is that pages are loading slowly: after I press "enter" on a URL nothing happens for 10 seconds and then it starts looking for the page. I checked on multiple PCs, different browsers, and directly plugged into a LAN port (without other clients). Internet speed is about 200 mbps faster on ISP equipment. Behind XG I get around 350 download and 200 upload.
Maybe this has to do something with dns but I don't know how to troubleshoot.
Thanks.
Carlo
A good indicator of troubleshooting is developer mode of your browser.
Press F12 and check the Network tab.
There you should find information about delays.
Hi Carlo
How about you connect PPPoE directly on a laptop and see what the speed test shows? And the output of ipconfig /all for a Windows system?
Please take SSH access of the device, log in to the console and execute the command
system diagnostics show syslog
Save the PPPoE interface configuration and check the output command for PPPoE and share the output.
You may also execute the command
show pppoe connection status
Please refer to the link below and update the PPPoE configuration:
https://support.sophos.com/support/s/article/KB-000035683?language=en_US
The web GUI only shows the PPPOE WAN connection MTU value of 1500, and this is the physical interface. The command-line interface (CLI) shows the physical interface and the logical interface. The physical interface for the WAN connection in the CLI has an MTU value of 1500. The logical interface displays an MTU of 1492 and is always deducted by eight due to the PPPOE overhead. The only way to drop the MTU for a PPPOE connection is through the web GUI. For example, if the physical interface is 1500 and an MTU of 1484 is required by the PPPOE connection, drop the physical interface to 1492.
To change the MSS or MTU, use the command below:
console> set network mtu-mss PortB mtu <value> mss <value>
Thanks and Regards
"Sophos Partner: Infrassist Technologies Pvt Ltd".
If a post solves your question please use the 'Verify Answer' button.
Thank you for answering.
Outputs
console> system diagnostics show syslog
Jul 22 18:52:33Z localhost pppd: Port2.995: peer from calling number XX:4D:29:EX:XX:XX authorized
Jul 22 18:52:36Z localhost pppd: Port2.995: Failed to create /etc/ppp/resolv.conf: Read-only file system
Jul 22 18:52:36Z localhost pppd: Port2.995: local IP address xxx.xxx.xxx.xxx
Jul 22 18:52:36Z localhost pppd: Port2.995: remote IP address 10.0.0.1
Jul 22 18:52:36Z localhost pppd: Port2.995: primary DNS address 18x.xxx.xxx.1
Jul 22 18:52:36Z localhost pppd: Port2.995: secondary DNS address 10.0.0.1
Jul 22 18:52:40Z localhost ipsec_starter: expanding file pattern '/_conf/ipsec/connections/*.conf' failed: No such file or directory
Jul 22 18:52:40Z localhost up_tunnels_on_id(): Making connections on interfaceid 3 up or add (as per their auto= configuration)
Jul 22 18:52:40Z localhost ipsec_starter: expanding file pattern '/_conf/ipsec/connections/*.conf' failed: No such file or directory
Jul 22 19:01:26Z localhost cish: session opened from console

console> show pppoe connection status
----- PPPoE Connection Status -----
Port2(xxx.xxx.xxx.xxx) : Connected
Does this mean something?
Please check the status for the below commands
system appliance_access show
system firewall-acceleration show
Thanks
console> system appliance_access show
Appliance access disabled.
console> system firewall-acceleration show
Firewall Acceleration is Enabled in Configuration.
Firewall Acceleration is Loaded.
Can you disable firewall acceleration and check whether the website loads?
Since when you identified the issue, any change done on upstream router and caused the issue?
Maybe a live session is required to generate proper logs and investigate the issue along with the packet flow from the Sophos firewall
Have you raised a support case?
Please check that there is no issue with the MSS too, as the tcpdump you shared does not have enough information
console> set network mtu-mss Port2 mtu default mss 1380
Please revert the old settings if no change is found
Also, check the interface negotiation, 100FD or 100HD; you may also check if there is any negotiation issue between WAN or LAN and the next-in-line device.
Open the console, go to Option 4 and type the command
console > system dia uti band "press 'u' twice"
Check if there are any errors in E/S (error/second)
If so then lower the link speed.
Also, as another step, provide us the output of the command:
Console> sh net interfaces
Please check SSL/TLS Inspection logs as well and share the output
How can I check information obtained from isp using pppoe connection from cli? Assigned dns servers ipv4 address etc
This is something from ISP. If this is blocked on port 67 maybe I'm not receiving all required information.
Logs not showing proper information
Below are the logs for a completed three-way handshake:
console> tcpdump 'host central.sophos.com
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
19:54:08.884274 PortA, IN: IP 172.16.16.19.62523 > 54.77.73.158.443: Flags [SEW], seq 4023372657, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
19:54:08.885725 PortB, OUT: IP 10.0.3.13.62523 > 54.77.73.158.443: Flags [SEW], seq 4023372657, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
19:54:09.043715 PortB, IN: IP 54.77.73.158.443 > 10.0.3.13.62523: Flags [S.], seq 3930167411, ack 4023372658, win 26883, options [mss 1412,nop,nop,sackOK,nop,wscale 8], length 0
19:54:09.044316 PortA, OUT: IP 54.77.73.158.443 > 172.16.16.19.62523: Flags [S.], seq 3930167411, ack 4023372658, win 26883, options [mss 1412,nop,nop,sackOK,nop,wscale 8], length 0
19:54:09.045283 PortA, IN: IP 172.16.16.19.62523 > 54.77.73.158.443: Flags [.], ack 1, win 1025, length 0
19:54:09.045668 PortB, OUT: IP 10.0.3.13.62523 > 54.77.73.158.443: Flags [.], ack 1, win 1025, length 0
19:54:09.048375 PortA, IN: IP 172.16.16.19.62523 > 54.77.73.158.443: Flags [P.], seq 1:518, ack 1, win 1025, length 517
19:54:09.049676 PortB, OUT: IP 10.0.3.13.62523 > 54.77.73.158.443: Flags [P.], seq 1:518, ack 1, win 1025, length 517
Can you regenerate the logs and share the output showing that the three-way handshake is getting completed, as well as what MSS value is getting hit on the firewall?
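An added example, not part of the thread and not Sophos code: a short Python check that reads the MSS option from the SYN and SYN-ACK lines of a capture like the one above, shows whether the firewall rewrote it between the IN and OUT interface, and compares it with the largest MSS a PPPoE link can carry (physical MTU minus 8 bytes of PPPoE overhead, minus 40 bytes of IP and TCP headers). The function names are hypothetical, and the assumption that the WAN side is PPPoE with a 1500-byte physical MTU is the example's own; the thread does not say where the capture was taken.

```python
import re

PPPOE_OVERHEAD = 8   # bytes deducted from the physical MTU on a PPPoE link
IP_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

# Lines copied from the capture posted in the thread (SYN, SYN-ACK, one ACK).
CAPTURE = """\
19:54:08.884274 PortA, IN: IP 172.16.16.19.62523 > 54.77.73.158.443: Flags [SEW], seq 4023372657, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
19:54:08.885725 PortB, OUT: IP 10.0.3.13.62523 > 54.77.73.158.443: Flags [SEW], seq 4023372657, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
19:54:09.043715 PortB, IN: IP 54.77.73.158.443 > 10.0.3.13.62523: Flags [S.], seq 3930167411, ack 4023372658, win 26883, options [mss 1412,nop,nop,sackOK,nop,wscale 8], length 0
19:54:09.044316 PortA, OUT: IP 54.77.73.158.443 > 172.16.16.19.62523: Flags [S.], seq 3930167411, ack 4023372658, win 26883, options [mss 1412,nop,nop,sackOK,nop,wscale 8], length 0
19:54:09.045283 PortA, IN: IP 172.16.16.19.62523 > 54.77.73.158.443: Flags [.], ack 1, win 1025, length 0
"""

# Only packets with the SYN flag carry the MSS option.
SYN_RE = re.compile(
    r"^\S+ (?P<port>\S+), (?P<dir>IN|OUT): IP \S+ > \S+: Flags \[S[^\]]*\], "
    r"seq (?P<seq>\d+),.*?options \[mss (?P<mss>\d+)")

def max_mss(physical_mtu, pppoe=True):
    """Largest MSS that fits: physical MTU, minus PPPoE overhead, minus headers."""
    logical_mtu = physical_mtu - (PPPOE_OVERHEAD if pppoe else 0)
    return logical_mtu - IP_TCP_HEADERS

def syn_mss(capture):
    """Map each SYN/SYN-ACK sequence number to {'IN': mss, 'OUT': mss}."""
    seen = {}
    for line in capture.splitlines():
        m = SYN_RE.match(line)
        if m:
            seen.setdefault(int(m["seq"]), {})[m["dir"]] = int(m["mss"])
    return seen

def audit(capture, physical_mtu=1500):
    """Per handshake packet: was the MSS rewritten, and does it fit the PPPoE link?"""
    limit = max_mss(physical_mtu)
    report = []
    for seq, mss in syn_mss(capture).items():
        report.append({"seq": seq, "in": mss.get("IN"), "out": mss.get("OUT"),
                       "clamped": mss.get("OUT", 0) < mss.get("IN", 0),
                       "fits_pppoe": mss.get("OUT", 0) <= limit})
    return report

if __name__ == "__main__":
    for row in audit(CAPTURE):
        print(row)
```

In this capture the client's SYN is forwarded with MSS 1460 unchanged, which is above the 1452 that a 1492-byte PPPoE MTU allows, while the server's SYN-ACK advertises 1412 and fits.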
When I run command from shell nothing happens
XGS2100_RL01_SFOS 19.0.0 GA-Build317# tcpdump host central.sophos.com
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
^C
0 packets captured
536 packets received by filter
528 packets dropped by kernel
Follow the step below or use option 4
XGS2100_RL01_SFOS 19.0.0 GA-Build317#cish
console> tcpdump 'host central.sophos.com
Same result
Sophos Firmware Version SFOS 19.0.0 GA-Build317
console> tcpdump 'host central.sophos.com
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
^C
0 packets captured
75 packets received by filter
67 packets dropped by kernel
What about Google.com?
Getting the same result?