
UTM 9 & slow upload speeds

Hi everyone, 

I've been reading the forums on this site for a good 2 weeks regarding my issue, and I have tried many, many things, but with the environment being 200+ users and half of them on VPN there are limited changes I can make.  The issue is that I only get 1.2Mbps on average for upload speed (i.e. if I am home and download a file from a server on-site through VPN).   To jump straight to the point, I've logged into the firewall via SSH and performed a wget <file> to test the speed and still got below 2Mbps (the site has a dedicated 300Mbps up/down).  So does this mean that the issue is now with the ISP?  
Checking through logs / live logs (IPS / QoS / firewall / etc.) has not helped at all here, as none of these services are applied to the VPN. 

Thanks
John



  • i.e. is there nothing left I should check on the firewall?  

  • Have you tried to disable IPS (then reboot or restart the httpd service)?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Yes.  Seen that in a post.  
    - no QoS implemented
    - the SSL VPN users group (definition) is not part of the IPS (creating exceptions for it does nothing, of course)
    - when downloading, the IP is not mentioned in the firewall or IPS logs
    - there is only one WAN interface defined (i.e. VPN, internet, etc. go through the one WAN link)

    Ironically we have an offsite backup site we use which can do 100Mbps with no problem. Downloading from the internet has great speeds. 

    So I'm a bit perplexed by this cap on the upload speed.  But I was brought into this setup 3 months ago with no prior IT admin.  The only thing I did not try was adding the SSL users group to the Advanced Threat Protection exception.  But this would imply that I see this in the logs, which I do not.

    Can I assume that if I did an SSH / test internet speed that rules out all config issues in the GUI?   (the SSH download from the firewall bypasses all rules/IPS, etc.)

  • Open up an SSH session, then run top while performing a speed test that usually results in slow throughput.  Observe which process (if any) has high CPU load.

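The "run top during a speed test" check above can be scripted so the busiest process is sampled once a second for the whole transfer instead of eyeballed. The script below is an added example, not code from the thread or from Sophos; it assumes a Linux shell on the UTM with procps ps (-eo and --sort), wget, and a reachable test URL passed as the first argument (the thread names no URL).

```shell
#!/bin/sh
# Added example, not from the thread or from Sophos: automate the "run top
# during a speed test" check. It records the busiest process once a second
# while a test download runs, then reports how often each process led.
# Assumptions: Linux shell on the UTM, procps ps (-eo and --sort), wget,
# and a test URL supplied as $1 (hypothetical; none is given in the thread).

# top_proc: read a "ps -eo pcpu,comm --sort=-pcpu" snapshot on stdin and
# print the command name from the first data row, i.e. the busiest process.
# comm is the short (15-char) name, so $2 is the whole name.
top_proc() {
    awk 'NR == 2 { print $2; exit }'
}

# summarize: read one process name per line on stdin and print
# "<count> <name>" lines, most frequent first.
summarize() {
    sort | uniq -c | sort -rn
}

# sample_during_download: fetch URL $1 to /dev/null in the background and
# record the busiest process each second until wget exits.
# Output: one process name per line, suitable for piping into summarize.
sample_during_download() {
    wget -q -O /dev/null "$1" &
    pid=$!
    while kill -0 "$pid" 2>/dev/null; do
        ps -eo pcpu,comm --sort=-pcpu | top_proc
        sleep 1
    done
    wait "$pid"
}

# Only run the live check when a URL was supplied; the helpers above can
# be exercised on their own with a constructed ps snapshot.
if [ -n "${1:-}" ]; then
    echo "Sampling CPU leader while downloading $1 ..."
    sample_during_download "$1" | summarize
fi
```

Run it as `sh sample_cpu.sh http://example.invalid/testfile` from the UTM shell during the slow transfer; a process that dominates most samples is the one worth investigating, while a leader that changes every second (or a low-CPU postgres as in this thread) points away from the box itself.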
  • Yep, done that.  It was just postgres (SQL), the same as usual.  

  • The only real test I didn't do was bypass the firewall altogether.  I did call the ISP today to verify whether they were limiting VPN or a specific WAN IP, etc.  Obviously they were of no help, understood.  My assumption for this post was that by testing internet speed through SSH it bypassed all rules and protection of the firewall?

  • That would be one of the first things to try so you can rule the UTM in or out first. I haven't heard about anything bypassing the firewall like SSH before.  

    I didn't see it in your posts at all - is this a Sophos hardware appliance or do you have a different hardware device? If it is your own computer, what is the NIC you have installed?  (Please don't say Realtek, lol).


  • The setup is dual/redundant SG330.  The outside interface would be the ISP equipment and the inside is the Cisco network.

  • dual/redundant = HA mode, yes?  I would really try a connection not behind the UTM to make sure it's not your ISP.  They have been known to do stupid things like this.


  • Hi John and welcome to the UTM Community!

    I like to set up the SSL VPN using UDP instead of TCP, but that's not practical for you at this point.

    If you don't have a load balancer or other device between you and the ISP connection, try configuring an IPsec (L2TP/IPsec or pure IPsec) connection - any better throughput with that?

    I suspect that you will find something in the SSL VPN log, but with that many users, you might need to access in the middle of the night to be able to see the problem.

    If you haven't already done so, you will want to open a case with Sophos Support.  Since first level is usually from India, they should easily be able to do an SSL VPN session at 3 AM your time.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA