
Sophos UTM 9.7 poor bandwidth

Hi everyone,

I'm testing Sophos UTM 9.7 deployed in a Hyper-V 2019 Gen1 VM but I can't get a decent throughput and I don't know why.

It's a VM with 4 vcores (Xeon), 8GB RAM and it's deployed on an NVMe. The problem can't be the lack of resources.

UTM will be the frontend of a Nextcloud server, Exchange and other services but let's focus on the first one (all of them are in the same HOST). If I connect directly to the NC server, I easily get 80-90 MB/s of download speed (expected) but if I put UTM in the middle, it drops to 14-16 MB/s, which is really really sad.

I've disabled everything from UTM: no firewall profiles, no IPS, no nothing... and I'm able to increase the throughput 5 MB/s approx. but it's far away from what it should be as you can imagine. I've checked the MTU and there are no drops or errors (ifconfig). I'm seeing the same behavior from LAN-to-LAN and LAN-to-WAN so it can't (or shouldn't) be the NIC/s.

I've been searching for this but I couldn't find an answer that applies to what I'm facing.

I'm pretty new to UTM so I hope you can guide me on this.

Thank you in advance!



  • Hi  

    What is the virtual interface NIC type? I can't think of anything else causing an issue when you've basically disabled everything which might put traffic in the buffer. 

    Regards

    Jaydeep

  • Hi 

    It's not a legacy one if that's what you are asking. The VM is Gen1 with 2 NICs (WAN/LAN) attached. Any idea?

  • If it's not a legacy one, that's good. Would you please check kernel.log and ips.log over SSH and see if there are any messages such as "Session exceeded configured max bytes to queue"? You may refer to this KBA: Sophos UTM: Log names and service locations

    Regards

    Jaydeep

  • Hi  

     

    I've restarted the VM and I've downloaded some data just to put some traffic there. As usual, 14MB/s.

    Kernel log file:

    2019:12:27-18:33:54 utm kernel: [   34.204413] u32 classifier
    2019:12:27-18:33:54 utm kernel: [   34.204415]     input device check on
    2019:12:27-18:33:54 utm kernel: [   34.204416]     Actions configured
    2019:12:27-18:33:54 utm kernel: [   34.205730] Mirror/redirect action on
    2019:12:27-18:34:11 utm kernel: [   50.696310] hv_balloon: Received INFO_TYPE_MAX_PAGE_CNT
    2019:12:27-18:34:11 utm kernel: [   50.696323] hv_balloon: Data Size is 8
    2019:12:27-18:34:49 utm kernel: [   89.138314] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.


    and that's all. IPS.log is empty.

    Here are some screenshots of what I have:





    Any idea? Let me know if you need more screenshots or logs.


    It's quite frustrating.

     

    Thanks for your help!

  • Hola and welcome to the UTM Community!

    Is it the VM that has 4 cores and 8GB of RAM or the physical server it's running on?  What virtual NIC is the External interface defined on?  The Internal interface?  What physical NICs are in your server?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks  

    The VM has 4 cores and 8GB of RAM. The host is a HyperV 2019 with 48 cores and a lot of RAM. The physical NICs are 2 Intel i350-T2 in LACP. More than enough for a LAB environment :)

    I'm facing the problem in both UTM NICs (Internal or External). When I saw this sad performance I first thought that it was because of my Internet connection or something external but the same happens from my LAN.

    I've cloned the VM for testing this and removed everything but the Nextcloud config. The internal NIC is connected to the SAME vswitch that Nextcloud server is connected to.

    Modifying only the hosts file of my PC, if I download directly from the Nextcloud server I get 80~90MB/s but if I put the UTM IP (LAN), I'm only getting 10~15MB/s. Everything is in the same /24. No VLANs, no nothing.

    More info: If I UPLOAD a file, I get almost 30 MB/s.

    I guess it's a very simple scenario and that's why I can't understand how I'm getting these rates and where the problem may be.

    Cheers

  • Hi guys!

    Any idea where to look? I've started from scratch with a new VM and I'm facing the same behavior.

    Cheers

  • What virtual NIC is in use for the Internal interface?  What relevant lines do you see in reverseproxy.log?  What throughput do you get if you put a Full NAT on an Additional Address on the Internal interface and download via that?

    Cheers - Bob

     
  • Hi BAlfson,

    What virtual NIC is in use for the Internal interface?

    I'm sorry, I don't understand what you mean. What specific information do you need?

     

    What relevant lines do you see in reverseproxy.log?

    Only this kind (no errors, no nothing):

    2020:01:15-22:49:12 utm httpd: id="0299" srcip="192.168.1.2" localip="192.168.1.20" size="81" user="-" host="192.168.1.2" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="37930" url="/ocs/v2.php/apps/notifications/api/v2/notificati....

     

    What throughput do you get if you put a Full NAT on an Additional Address on the Internal interface and download via that?

    I've added a new NIC and created a new Full NAT as you said and I'm getting a little worse throughput (-2/-3 MB/s)

  • "I've added a new NIC and created a new Full NAT as you said and I'm getting a little worse throughput (-2/-3 MB/s)"

    This is certainly an issue with incompatibility between the UTM and the virtual NIC defined in Hyper-V 2019.  When you define the NIC for the Hyper-V VM for UTM, what other choices are there for the type of NIC?

    If you're using a physical NIC instead of one defined on Hyper-V, what is the make and model of the hardware NIC?

    Cheers - Bob

     
  • Hi Bob,

    That's the only option that I have in UTM:

    In HyperV:

    WL is a LACP with two Intel I350-T2 and WAN is a I210. I'm facing the same behavior on both.

     

    Cheers.

  • What are the 'Advanced' options for the NIC?

    If this is a paid subscription, you will want to get a ticket open with Sophos Support.

    Cheers - Bob

     
  • Hi Bob,

    In "Advanced Features" you can set the MAC spoofing, mirroring mode, teaming, etc. Nothing that can help us here.

    I was trying UTM and it's the Free License... By the looks of it, I think I'll have to discard it and return to pfSense :(

    Cheers!