Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XGS2100: massive problems with Web-Traffic

Dear Sir or Madam, 

my name is David Lorenz from AAIC Soft Systems GmbH.
We have serious web traffic problems with one of our customers with an XGS2100. It's not easy to describe.
The customer previously had an SG and did not have these problems. Now to the problem.

When researching (browsing), web traffic is momentarily (over 20 seconds) stuck.
However, this does not happen to all users at the same time and it occurs with all users several times a day.

SSL/TLS inspection, web filter, QoS and application filter are already completely disabled. It occurs across browsers.
In Firefox, via. CodeViewer shows the error "NS_BINDING_ABORTED" and "NS_ERROR_NET_TIMEOUT" in case of an error.
There are no ping dropouts. The problem is all about web traffic. Apparently it's not because of the VDSL line or the wiring.
The MTU is also correct (according to customer and provider).

The customer also uses a Sophos Central Endpoint (for information).
We don't know what to do here and are now turning to the great community.

Do you have an idea? For example, is there a way to reset the web engine?
I would be more than happy about a help or an approach, because the customer is very frustrated.
The on-site administrator in particular feels this.

Otherwise I wish you a nice rest of the week!


/resized-image/__size/1280x960/__key/communityserver-discussions-components-files/126/pastedimage1674059048873v2.png

/resized-image/__size/1280x960/__key/communityserver-discussions-components-files/126/pastedimage1674059085243v4.png


This thread was automatically locked due to age.
Parents Reply
  • Hello ,

    what do you mean with authentication? In FW Rule nothing yet (LAN-Network to WAN-Any).

    For VPN extra local accounts. But there are two DomainController (Microsoft Servers) for synchronising the ad folders. Also we use STAS and STAC (from Central Endpoint on Terminalserver) to know what IP is binded to the user.

Children