Sophos SSL VPN - Severe performance issue after upgrade to XGS-2100 SFOS 19.5.3

We previously had an XG-210 on SFOS 19.5.2, but due to EOL on the XG-210, we were forced to upgrade to an XGS-2100.

We are now running the latest SFOS 19.5.3 on the new XGS-2100, and all SSL VPN users are experiencing severe performance issues.

The issue is impacting "All Users" in the business and has been affecting productivity for the past month with no resolution.

I have logged the case with Sophos Support and followed up many times, but the issue is still pending with NO Action Plan despite me repeatedly requesting immediate assistance.

Is anyone else having the same issue?

SSL-VPN Current Setting

Tunnel access: Use as default Gateway (Currently turned off but turned it on for testing, same issue)

UDP | AES-128-CBC | SHA2 256 | 1024 | Compress SSL VPN (Disabled, previously turned on) | Enabled Debug Mode (Disabled, previously turned on)

Support has requested logs and more logs, but there is no action plan.



  • Sophos GES is way too slow for a critical issue that affects all users in the business. I was asked again to wait until 3 days from now. I am running out of options here. I tested several combinations of TCP/UDP and encryption settings; however, I cannot get everything back to normal. It only resolves one issue at a time depending on the protocol and security algorithm.

  • Just to be clear: Support / DEV works with Business Impact & Affected Customer flags. This drives the priority score. So if you are the only customer reporting this kind of behavior, and it is a "slowing down but not stop working" situation, it is not the highest prioritization. Especially if you have a workaround like moving to GCM (which is a general recommendation).

  • I understand that, but the ticket has been escalated several times and is already one month old. I tested all the GCM encryption with TCP and UDP, but somehow it only fixed one issue at a time. I am unable to find a combination that works before the migration to the new device and the new firmware. I am tempted to put the XG-210 back into production and transfer the license back to the XG-210, but that is a lot of headache and turnaround time considering the location of the device.
