Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN Performance is horrible using TCP or UDP

We have 2 XG330 in HA, a 300Mbit connection and are using the SFOS 20.0.0 GA-Build222 firmware with Sophos Connect.

Using the SSL VPN with UDP we are seeing speeds of 3.6Mbit down and 6.9Mbit up.  The Client has 100Mbit.

I've read a lot of different threads here regarding this issue, most of them are older than 2 years and most of them do not have an acceptable answer to this problem other than to switch the people who need a faster connection to IPSEC.

If anyone has any ideas I'll be glad to hear them.



This thread was automatically locked due to age.
  • Changing the Debug Mode setting should not result in a need to download a new profile; changing the compression setting will (and I agree with the others, turn that off).

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • compression is now off, no change in performance at all.  Do I need to reboot the firewalls?

  • I'm starting to think we should try IPSEC for the users who need it, I've read that it is faster than the SSL.

  • No reboot should be needed.  

    You have an interesting problem there, and I haven't seen a speed issue like this in a while.  Though in the recesses of my mind, I recall a couple of scenarios:

    1)  The WAN link on the firewall had a speed / duplex mismatch with the ISP gear -- granted I have not seen this in many moons but I have before.  Causes strange behavior.

    2)  I don't see it mentioned here -- have you disabled UDP flood protection?  That can cause issues with UDP streams.

    3)  Also, haven't seen it here, have you tried testing, say, from a directly connected link?  There could be some throttling happening at your ISP, the client's ISP, or in between, of that traffic.  YOu can try a different port, etc.

    Of course trying IPSEC may work as well -- but more "free" Wi-Fi connections block that usage than others.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.