Tuning Proxy and Bridge mode

Hey guys.

I wanted to know about best practices for using Sophos in bridge mode. I have little basis in this matter and ask for help from those more experienced in the community.

I have an environment with the network segmented into VLANs: one for desktops, another for the wireless network and one for servers.

A Cisco router, a bridged Sophos, a WAN optimizer and a switch.

I apply only App and Web filter in proxy mode. I'm not using DPI and SSL Inspection. I also use QoS, user authentication, etc.

I created a bridge in standard mode with two ports involved, without modifying anything. Port 1 is in the LAN network zone and Port 2 is in the WAN zone, inside the bridge.

I created the firewall rules to allow everything that is DHCP from all VLANs.

Then the rules that release communication between the VLANs, and others for the internet.

Everything works.

What I see is high CPU usage on my XGS 107 box on version 18.5. Around 40 hosts run in this environment. The average is between 70 and 80% CPU usage. Sometimes it's almost at the top of CPU usage.

The main features I notice using a lot of CPU:
awarrenhttp
garner

Sometimes I see awarrenhttp using 99% but the CPU doesn't hit 100%.

Seeing the processes attacked other than internal traffic throughput problem. Be it only with awarrenhttp and garner, what would they be?

How could I optimize and verify what consumes them so much on my network?

As for bridge performance, is there anything that would help it perform well?


Note: I have no complaints about the internal network. No problem. These are my concerns, and I want to apply the best practice. My internet link is low and has high latency, so I use a WAN optimizer (Riverbed), and with it the DPI mode does not work, so I use Proxy.