Sophos XGS 136W - Super Slow VPN Performance 1/10th to 1/50th Actual Speed.

Hi precious,

Thank you for reaching out to Sophos Community and for sharing the case ID. Will further check the given case.

to verify, what kind of VPN are you using? IPsec Remote/SSL VPN Remote?

Using a standard OpenVPN SSL Remote connection.

It's been a pretty poor experience so far. I have been given suggestions of turning bits of the firewall off (kinda defeats the purpose of the firewall). 

It's been over a week of super slow performance causing production outages as so far no useful responses can this be escalated please ? 

I reported slow performance and a few days later the firewall load average hit 1260 (I believe it's a 4 core - XGS 136W) - it then resulted in total failure and a massive outage. I luckily was able to ssh into another 4g backup and bounce the firewall - however no actual solution was provided and I have just a stock firewall doing very little... 

Using a standard OpenVPN SSL Remote connection.

It's been a pretty poor experience so far. I have been given suggestions of turning bits of the firewall off (kinda defeats the purpose of the firewall). 

It's been over a week of super slow performance causing production outages as so far no useful responses can this be escalated please ? 

I reported slow performance and a few days later the firewall load average hit 1260 (I believe it's a 4 core - XGS 136W) - it then resulted in total failure and a massive outage. I luckily was able to ssh into another 4g backup and bounce the firewall - however no actual solution was provided and I have just a stock firewall doing very little... 

Are you using GCM in SSLVPN or something else? 

SSLVPN

Can you link a screenshot of your Global SSLVPN config? 

Also when trying both from my linux and mac - performance is 10 to 20 times lower than raw bandwidth. Both have different versions of openvpn.

Reduced Keysize, Turned off Compress SSL, mss tuned to 1400 (via console under support advise).

Try: 

BTW: This will mean you have to download new configs. 

Thanks, I will have to organise this in the morning.

Appreciate the help - so back to TCP, port to 1443, 1.1.1.1 DNS, AES-256-GCM, 2048 bit Key. 

Will report findings.

Hi, 

No joy - I had a slight increase but we are talking twice the speed. The raw speed of direct connection (via public internet not the firewall) - is around 500-800 Mbps. The vpn gives me 30-40 Mbps.

I even tried toggling the system firewall-acceleration enable  and disabled too - no joy.

Why doesn't the simplest part of this firewall not work ? I'm not asking for the same speed as the raw performance even 1/2 would be great.

How are you testing? What do you do to test it? You are going from VPN to WAN? 

I have a public server on the internet I run "iperf -s 5210" I then run 

"iperf -c PUBLIC_IP -p 5210" - I then try it again with the internet network address (forcing it via the vpn).