Hello,
I have two sites configured with HA XG2100 firewalls, At both sites 1GBe Port2 is the WAN connection this is a 100/100 circuit typically usage is around 30%, 1GBe Port 6 is an MPLS L2 1Gbp/s Circuit that connects both sites. All LAN traffic is handled via a 2 port SFP+ 10GB fiber module. Routing between both sites is with static routes. There are a number of firewall rules on the MPLS circuit but no IPS/advanced services, throttling has been removed for testing.
When the MPLS circuit is fully utilised typically with offsite backups there are performance issues with our WAN connection, ping is regularly over 100ms, if the backup job is stopped ping is around 7ms. This has caused issues with the VoIP services i am hosting.
I have spoken with Sophos support and they advised that 100% utilisation of an interface would cause disruption of other interfaces due to queuing/buffers and advised me to throttle to connection. there are no issues with CPU/memory usage. when throttling the connection at 75% with a traffic shaping rule there are no WAN issues.
i am surprised that traffic on one interface can have such a noticeable impact on WAN connectivity, i don't see any issues when the 2 port SFP+ 10GB fiber module is routing traffic beyond Gigabit speeds between LANS.
is the XGS2100 hardware the cause of these issues, The Specification for this device is 16,500 Mbps FIREWALL IMIX throughput?
is there a 1000Base-T SFP module available for the XGS2100 and would using this improve performance?
Are there any troubleshooting steps that you can suggest ?
or is it generally good practice to avoid 100% utilisation even when other system activity is low, overnight backups etc.
Thanks
Edited TAGs
[edited by: Erick Jan at 2:01 PM (GMT -7) on 29 Jul 2024]
