Sophos SSL VPN - Severe performance issue after upgrade to XGS-2100 SFOS 19.5.3

Question

We previously have XG-210, SFOS 19.5.2 but due to EOL on XG-210, we are forced to upgrade to XGS-2100. 
 We are now running the latest SFOS 19.5.3 on the new XGS-2100, and all SSL VPN users are experiencing severe performance issue. 
 The issue is impacting "All Users" in the business and affecting productivity for the past month with no resolution. 
 I have logged the case to Sophos Support and a lot of follow up but the issue is still pending with NO Action Plan despite me repeatedly requesting for immediate assistance. 
 Any one else is having the same issue? 
 
 SSL-VPN Current Setting 
 Tunnel access: Use as default Gateway (Currently turned off but turned it on for testing, same issue) 
 UDP | AES-128-CBC | SHA2 256 | 1024 | Compress SSL VPN (Disabled, previously turned on) | Enabled Debug Mode (Disabled, previously turned on) 
 Support has requested logs and logs but no action plan.

emmosophos · Answer

Hello, 
 This is now being investigated under NCL-1798 . 
 Regards,

Graboid$ · Answer

The above recommendation pointed me in the right direction. I tested several combinations of TCP, Encryption Algorithm and Key Size, however, it only resolves one performance issue over the other and it does not resolve all other performance issues. e.g., I used TCP, AES-128GCM, 1024 and SMB transfer is a lot faster but has high ping latency which affects internal apps. TCP and AES-128-CBC, 2054 key resolves ping latency but Outlook performance is very poor. I am still trying all possible combinations, however, unless I know what is really causing the issue after the migration, it would be hard to find the proper setup.

Sophos SSL VPN - Severe performance issue after upgrade to XGS-2100 SFOS 19.5.3

Top Replies