We have a XG2300 with a 500/500 WAN. At home I have a run-of-the-mill 70/70 FiOS (or thereabouts)
I connect to a file sharing site hosted at my office and I get, on average, 60-70mbs when downloading s file via our public IP address.
I jump on our IPSEC Remote Access VPN and is drops to barely 30mbs when downloading the same file, now from the private LAN address through the VPN.
I understand I could just access it via our internet address with a split tunnel, but I did this deliberately as a test since I have some resources that can only be accessed through the VPN, are slow, and I wanted a way to compare VPN vs no-VPN to try too find the bottleneck.
I have disabled DoS checking and have no IPS or other filtering between the VPN and our LAN. I've tinkered with MTU with no significant difference.
The traffic isn't being blocked -- the file does download. Just slowly.
Is this normal? Is IPSEC expected to cut speeds in half?
Anything best-practices when it comes to IPSEC RA? I have it configured with the defaultremoteaccess ipsec profile. Client is Sophos Connect on a Mac.
Any way to download the logs and/or packet capture into a PCAP or text file I can post?
I found this similar to the case you're having right now, you may refer to the link below.
Kindly let us know how it goes for you.
You may also check the reference below:
Create and Download Packet Capture:https://soph.so/oViUhS
Diagnostic Tool on Sophos XG: https://soph.so/kYkXcK
Erick JanCommunity Support Engineer | Sophos Technical SupportSophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.
Thank you Erick,.
The steps from this post definitely helped (mostly). I was in the office while applying them and connected from my iPhone over cellular. I get much more speed than before.
I'm still stuck at around 30-35 at home on MacOS. I do get nearly my max speed (60-70) when using my phone over wifi, but when connecting my computer, is slows. So I'm thinking it's a MacOS/Monterey thing but I cannot find any corroborating posts/info yet. And being Mac, I'm very limited in how much I can tweak the settings it decides to use,
please check your anti virus settings on the Mac. I have removed my anti virus from two macs because of performance hits. I am a home user.
XG115W - v19.5 GA - Home
Test machine - Asus P10S-i E3-1225v5, 6gb, 4 intel NICs, v19.5 GA
If a post solves your question please use the 'Verify Answer' button.
Everything's off or uninstalled while I'm testing this. Thanks,