Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 45 replies
  • Answers 2 answers
  • Subscribers 44 subscribers
  • Views 9193 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XGS 136W - Super Slow VPN Performance 1/10th to 1/50th Actual Speed.

precious pangolin

Hi Sophos Community Team,

I Have Sophos XGS 136W 

Latest OS + Fixes including SSD Fix (that wasn't a fun update FYI).

I currently am experiencing very slow VPN performance - like bare iperf speed is 500-900 Mbps and sophos VPN speeds between Sophos XGS 136W and a

OpenVPN - UDP - No Compression is barely 50 Mbps

Anyone got any solutions to help get the speed up to something closer to the spec sheet value ? 

I also suffered an outage as load averages on this device went to 1260 - this was resolved with a restart but no actual answer to why - just that the snort process was using up all the CPU.

I have gotten no answers from Sophos after a week and the only suggestions were turning bits of the firewall off and reducing cores allocated to specific services. Not really much use given I need a firewall not a passthrough device.

Sophos CaseID: 07200288

OpenVPN version : - OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022



This thread was automatically locked due to age.
Parents
  • 0

    Hi precious,

    Thank you for reaching out to Sophos Community and for sharing the case ID. Will further check the given case.

    to verify, what kind of VPN are you using? IPsec Remote/SSL VPN Remote?

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • 0 in reply to Erick Jan

    Using a standard OpenVPN SSL Remote connection.


    It's been a pretty poor experience so far. I have been given suggestions of turning bits of the firewall off (kinda defeats the purpose of the firewall). 

    It's been over a week of super slow performance causing production outages as so far no useful responses can this be escalated please ? 

    I reported slow performance and a few days later the firewall load average hit 1260 (I believe it's a 4 core - XGS 136W) - it then resulted in total failure and a massive outage. I luckily was able to ssh into another 4g backup and bounce the firewall - however no actual solution was provided and I have just a stock firewall doing very little... 

Reply
  • 0 in reply to Erick Jan

    Using a standard OpenVPN SSL Remote connection.


    It's been a pretty poor experience so far. I have been given suggestions of turning bits of the firewall off (kinda defeats the purpose of the firewall). 

    It's been over a week of super slow performance causing production outages as so far no useful responses can this be escalated please ? 

    I reported slow performance and a few days later the firewall load average hit 1260 (I believe it's a 4 core - XGS 136W) - it then resulted in total failure and a massive outage. I luckily was able to ssh into another 4g backup and bounce the firewall - however no actual solution was provided and I have just a stock firewall doing very little... 

Children
Unfiltered HTML