Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

At my wit's end with WAN bottleneck on FW Home

My friend decided to run FW Home on my recommendation, but he's having trouble and I took the machine home to troubleshoot.  Five days later, I still haven't found the issue.

SFVH (SFOS 19.5.2 MR-2-Build624)

Lenovo ThinkCentre SFF PC
Intel Core i3-8145UE
8GB (6GB usable on Home edition) DDR4 2666

Everything works...  except the WAN download speed is garbage.  On a 400/50 connection, I get ~30mbps download, ~40mbps upload on speedtest.net and ~100mbps download, ~48mbps upload on the Google speed test.  That is across all VLANs and on LAN port direct.  I can also confirm that running speedtest-cli on the device shell gives the same exact results.  Interface speed is confirmed to be gigabit, and multiple cables have been tested.

There is a test top rule that has no features, that I confirmed is used for all access.  IPS off, AV off, Web off, no Advanced protection, no QoS (but limit was tested adjusted to 56250 regardless), no VPN.

CPU usage barely ever passes 18%, memory is stable at 33-35%, including when running `top` in the shell.  Gateway set to DHCP.  DNS set to 127.0.0.1, 1.1.1.1, 8.8.8.8.

WAN zone bandwith reports the reality, slow connection.

I have used a live Linux distribution on the machine and can connect to the WAN at full speed, ruling out port/chipset issues.

With those specs, I should be able to run everything with all services on without a hiccup on a 400/50 connection, yet I can't crack what the issue is.

I use pfSense at home and have no issues if I connect through it at full speed, but the Sophos box immediately slows everything down.



This thread was automatically locked due to age.
Parents Reply Children
  • What device are you using for the speedtest (windows/Android?) Is it wired connection? Have you tried using auto negotiation for the link speeds?

    Do a Diagnostics-->Traceroute-->8.8.8.8

  • How are you testing this, connected directly to your isp or through another firewall or router?

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Directly to the ISP modem. 

  • Tested with Linux, Windows directly connected, and Android through WiFi. Also ran speedtest-cli through the device advanced shell. 

    Will try the traceroute tonight. 

  • Things to check, one the XG WAN interface, auto negotiate, you might need a cross over cable depending on the NIC settings?

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Tested with auto negotiation and fixed 1G, with several tested cables. The same cable works fine with pfSense, and also worked at full speed when connecting a laptop straight into the modem (got assigned a public IP and worked).

    Same NIC also worked fine with a normal cable running a Linux live distro. 

  • Do you have access to another nic card to add to the box for testing purposes using a different chipset but not an intel 219, 225 or 226. The issue appears to be coming down to the driver version being used by Sophos and how upto date it is?

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Since it's a small form factor PC, I can't - however I will try either a different computer or simply installing Proxmox and Sophos on top of it.  It does seem like this could be the cause.

  • If the speed is this much slower only with sophos and not with pfSense or linux live, and since it is a Realtek chipset it does seem like it could be a hardware issue. But for the sake of troubleshooting, have you tried saving the firmware backup and doing a factory restore using the default firmware settings to rule out some configuration issue causing the problem?

    also make sure Sophos is utilizing all your CPU cores. Go to your console and choose option 4. Device Console, then type in at the command line

    system diag show cpu

    It will show you how many CPU cores are being used and the speed.