Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 17 replies
  • Answers 2 answers
  • Subscribers 42 subscribers
  • Views 16354 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos SSL VPN - Severe performance issue after upgrade to XGS-2100 SFOS 19.5.3

Graboid$

We previously have XG-210, SFOS 19.5.2 but due to EOL on XG-210, we are forced to upgrade to XGS-2100.

We are now running the latest SFOS 19.5.3 on the new XGS-2100, and all SSL VPN users are experiencing severe performance issue.

The issue is impacting "All Users" in the business and affecting productivity for the past month with no resolution.

I have logged the case to Sophos Support and a lot of follow up but the issue is still pending with NO Action Plan despite me repeatedly requesting for immediate assistance.

Any one else is having the same issue? 

SSL-VPN Current Setting

Tunnel access: Use as default Gateway (Currently turned off but turned it on for testing, same issue)

UDP | AES-128-CBC | SHA2 256 | 1024 | Compress SSL VPN (Disabled, previously turned on) | Enabled Debug Mode (Disabled, previously turned on)

Support has requested logs and logs but no action plan. 



This thread was automatically locked due to age.
Parents
  • 0

    Any other recommendation is appreciated.

    SSL-VPN Current Setting:

    Tunnel access: Use as default Gateway (Currently turned off but turned it on for testing, same issue)

    TCP | AES-128-GCM | SHA-256 | 2048  | Compress SSL VPN (Disabled) | Enabled Debug Mode (Disabled)

    MTU - 1500

    The above configuration gives us better performance than the previous one that was working with XG-210, however, there is still a bottleneck.

    We have a very simple setup and only 20 SSL VPN users and there are no Site-to-Site VPN.

    Since we upgraded to XGS-2100, the performance in our network has degraded.

    Another problem is that I got a recurring flu for 2 months because I was forced to work on nights by Sophos Support as they needed to gather logs for 3 months now.

    I am now reviewing other alternative products but I will be on a long holiday and will not be back until next year so I am trying to give the XGS 2100 another shot.

    If anyone can suggest any other setting that I can test, it is very much appreciated.

Reply
  • 0

    Any other recommendation is appreciated.

    SSL-VPN Current Setting:

    Tunnel access: Use as default Gateway (Currently turned off but turned it on for testing, same issue)

    TCP | AES-128-GCM | SHA-256 | 2048  | Compress SSL VPN (Disabled) | Enabled Debug Mode (Disabled)

    MTU - 1500

    The above configuration gives us better performance than the previous one that was working with XG-210, however, there is still a bottleneck.

    We have a very simple setup and only 20 SSL VPN users and there are no Site-to-Site VPN.

    Since we upgraded to XGS-2100, the performance in our network has degraded.

    Another problem is that I got a recurring flu for 2 months because I was forced to work on nights by Sophos Support as they needed to gather logs for 3 months now.

    I am now reviewing other alternative products but I will be on a long holiday and will not be back until next year so I am trying to give the XGS 2100 another shot.

    If anyone can suggest any other setting that I can test, it is very much appreciated.

Children
  • 0 in reply to Graboid$

    Hello there,

    To reiterate, Sophos Support should work during your preferred working hours, not the other way around.

    Checking last month's activities, I can see your case is now more aligned with your working hours, but unfortunately, the last session with DEV didn't go as expected.

    I have escalated this case internally with Management so GES/DEV/Management can work with you with a specific time plan to work on your issue if you would like

    As per your case, the only thing I didn't see about the troubleshooting is what Luca recommended about disabling IPsec and Firewall acceleration. Can you confirm if you tried that so I can add the note in the case? 

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Unfiltered HTML