Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 24 replies
  • Subscribers 35 subscribers
  • Views 3891 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

At my wit's end with WAN bottleneck on FW Home

MaxC12

My friend decided to run FW Home on my recommendation, but he's having trouble and I took the machine home to troubleshoot.  Five days later, I still haven't found the issue.

SFVH (SFOS 19.5.2 MR-2-Build624)

Lenovo ThinkCentre SFF PC
Intel Core i3-8145UE
8GB (6GB usable on Home edition) DDR4 2666

Everything works...  except the WAN download speed is garbage.  On a 400/50 connection, I get ~30mbps download, ~40mbps upload on speedtest.net and ~100mbps download, ~48mbps upload on the Google speed test.  That is across all VLANs and on LAN port direct.  I can also confirm that running speedtest-cli on the device shell gives the same exact results.  Interface speed is confirmed to be gigabit, and multiple cables have been tested.

There is a test top rule that has no features, that I confirmed is used for all access.  IPS off, AV off, Web off, no Advanced protection, no QoS (but limit was tested adjusted to 56250 regardless), no VPN.

CPU usage barely ever passes 18%, memory is stable at 33-35%, including when running `top` in the shell.  Gateway set to DHCP.  DNS set to 127.0.0.1, 1.1.1.1, 8.8.8.8.

WAN zone bandwith reports the reality, slow connection.

I have used a live Linux distribution on the machine and can connect to the WAN at full speed, ruling out port/chipset issues.

With those specs, I should be able to run everything with all services on without a hiccup on a 400/50 connection, yet I can't crack what the issue is.

I use pfSense at home and have no issues if I connect through it at full speed, but the Sophos box immediately slows everything down.



This thread was automatically locked due to age.
Parents
  • 0

    What NICs brand/chipset are you using? 

    why are you using 127.0.0.1 as a DNS server? That is no upstream resolver.

  • 0 in reply to alan weir

    Simply faster when it already resolved.  I tried removing it as well, with no changes to speed.

    Realtek RTL8111s which I found extensive usage of on this forum in working configs.

  • 0 in reply to rfcat_vk

    Directly to the ISP modem. 

  • 0 in reply to alan weir

    Tested with Linux, Windows directly connected, and Android through WiFi. Also ran speedtest-cli through the device advanced shell. 

    Will try the traceroute tonight. 

  • 0 in reply to MaxC12

    Things to check, one the XG WAN interface, auto negotiate, you might need a cross over cable depending on the NIC settings?

    Ian

    XG115W - v20 EAP 1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Tested with auto negotiation and fixed 1G, with several tested cables. The same cable works fine with pfSense, and also worked at full speed when connecting a laptop straight into the modem (got assigned a public IP and worked).

    Same NIC also worked fine with a normal cable running a Linux live distro. 

  • 0 in reply to MaxC12

    Do you have access to another nic card to add to the box for testing purposes using a different chipset but not an intel 219, 225 or 226. The issue appears to be coming down to the driver version being used by Sophos and how upto date it is?

    Ian

    XG115W - v20 EAP 1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Since it's a small form factor PC, I can't - however I will try either a different computer or simply installing Proxmox and Sophos on top of it.  It does seem like this could be the cause.

  • 0 in reply to MaxC12

    If the speed is this much slower only with sophos and not with pfSense or linux live, and since it is a Realtek chipset it does seem like it could be a hardware issue. But for the sake of troubleshooting, have you tried saving the firmware backup and doing a factory restore using the default firmware settings to rule out some configuration issue causing the problem?

    also make sure Sophos is utilizing all your CPU cores. Go to your console and choose option 4. Device Console, then type in at the command line

    system diag show cpu

    It will show you how many CPU cores are being used and the speed.

  • +1 in reply to alan weir

    So I can confirm it's a driver issue as it gets 310mbps on Proxmox. This machine is out, I'll try it on a different computer with an Intel NIC. 

  • 0 in reply to MaxC12

    Make sure they are not intel i219, i225 , i226 because they are not supported by the current version of XG.

    ian

    XG115W - v20 EAP 1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to MaxC12

    If you find a computer that has the small form factor that can support regular size or half-height PCIe NIC cards, you can pick up a dual LAN card for around $35 on Amazon/eBay.

    Some that I have used that I know for a fact work on the XG are the Intel Pro/1000 series, and Intel 82575/6 series.

    If you purchase a different PC, make sure it can boot into legacy BIOS mode, since the XG doesn't support UEFI boot. Recommended are Intel 8th Generation CPUs or older.

    The Qotom mini PCs with the intel i210/i211 chipsets are also common.

Reply
  • 0 in reply to MaxC12

    If you find a computer that has the small form factor that can support regular size or half-height PCIe NIC cards, you can pick up a dual LAN card for around $35 on Amazon/eBay.

    Some that I have used that I know for a fact work on the XG are the Intel Pro/1000 series, and Intel 82575/6 series.

    If you purchase a different PC, make sure it can boot into legacy BIOS mode, since the XG doesn't support UEFI boot. Recommended are Intel 8th Generation CPUs or older.

    The Qotom mini PCs with the intel i210/i211 chipsets are also common.

Children
No Data
Unfiltered HTML