I meeting a client tomorrow to tshoot his bad experience with internet connection speed when connected to Remote SSL VPN. I'm not an expert so I've made some research and found few things that I check/test. Appreciate any advise that could help me to "look the right direction"
The client is running on Sophos XG210 (SFOS 19.0.1 MR-1-Build365). His connection drops from cca 140Mb when not on VPN to cca 40Mb when on VPN
Thank you for contacting the Sophos Community.
Take a look at this RR on checking the settings for VPN speed.
thank you for the link... Will test it later this week.
Got one more question if you don't mind? When I change any setting to SSL VPN (for example, I have Split Tunnel configured which I want to turn of, or changing Encryption or Compression), I know I have to download and import new configuration file.... Wondering, what happens to users until I import it to them? Will VPN stop working for them? Or will just work with the old configuration until I import the new one..... Its quite basic but had not have to deal with it yet so not 100% sure...
If there are any changes to VPN settings, Users may not be able to connect. For best Practice, I would advise scheduling the update and re-send the users the new configuration file in one go
Erick JanCommunity Support Engineer | Sophos Technical SupportSophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.
Use provision file, than user can update there one config.
Bart van der Horst
Sophos XG v18(.5) / v19 Certified Architecthttps://www.bpaz.nl
Hi, do not use compression and use aes-128-GCM, also use UDP.
Yes, do not use compression for multiple reasons, and GCM is reputed to be faster. I'd try those first to see where you land, then compare TCP and UDP. (Personally, I've stuck with TCP because I figure fewer remote locations are likely to kill TCP SSL (i.e. the Web) than UDP SSL (only VPN?).
This could have multiple Reasons
- Firewall Rules with features Enabled like IPS or Web/SSL Inspection- Webrules have bad Regex and causing high CPU usage on the Sophos Firewall- The Firewall is maybe to little? Try it with only one user connected and see if its difference- DoS Attacks is enabled (Many complaints its cause of many perfomance issues)- Maybe to many Firewall rules, try order them, since the firewall is looking through each upside down- A connection drop can be caused by other stuff too, not sure how he tested it, like typical windows server smb would start at 200 mb/s and will drop down to 120 mb/s(So try it out with something like programm like robocoopy if it's really a issue of the sophos, were target and client are both ssd.)