Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Improve IPsec remote access performance

Hello Community,

I'm in the process of switching my companies work from home VPN solution over to use our new Sophos XGS3100 Firewall.

Currently we prefer to use the IPsec remote access service, as it is easy to deploy via the general .scx file and we can set it to run the AD logon script on connection, which the SSL VPN can't do out of the box.

However, we got complaints about poor network performance using the IPsec remote access tunnel, and after investigating myself with iperf trying SSL VPN and IPsec respectively, as well as an iperf test directly to the site, the SSL VPN shows the same bandwith as connecting without VPN, while IPsec suffers a loss in performance of about 20%.

I did some Forum crawling myself and came upon this old thread:  Sophos Connect 2.0 IPSec VPN Slowness with XG Firewall 

My question now is, since i cant ask in that thread, is: when using the "set ips ac_atp exception fwrules", do i use the indexing numer of the fw rule or the ID? The other commands seem staight forward.

Are there any other ways to improve performance of IPsec remote access or should disabling atp do the trick?



This thread was automatically locked due to age.