I'm in the process of switching my company's work-from-home VPN solution over to use our new Sophos XGS3100 Firewall.
Currently we prefer to use the IPsec remote access service, as it is easy to deploy via the general .scx file and we can set it to run the AD logon script on connection, which the SSL VPN can't do out of the box.
However, we got complaints about poor network performance using the IPsec remote access tunnel, and after investigating myself with iperf trying SSL VPN and IPsec respectively, as well as an iperf test directly to the site, the SSL VPN shows the same bandwidth as connecting without VPN, while IPsec suffers a loss in performance of about 20%.
I did some forum crawling myself and came upon this old thread: Sophos Connect 2.0 IPSec VPN Slowness with XG Firewall
My question now, since I can't ask in that thread, is: when using the "set ips ac_atp exception fwrules", do I use the indexing number of the fw rule or the ID? The other commands seem straightforward.
Are there any other ways to improve performance of IPsec remote access or should disabling ATP do the trick?
[edited by: emmosophos at 7:39 PM (GMT -7) on 30 Mar 2023]