
5% upload speed on Sophos UTM

First off, let me say I know this has been a frequent question posted here regarding slow upload speeds on the UTM.  I have been a UTM user for well over a decade, probably closer to 15 years.  I may not be a Bob expert but I know my way around the software. 

I recently got an ATT symmetric 1GB fiber line and plugged it up to my UTM VM.  At first, performance was normal and expected.  I was getting close enough to max throughput with the understanding that I would be getting less because it was running in a VM on older hardware.  All fine.  Then one day, and I honestly don't know when, upload performance just took a nose dive.  I would get 3-5Mbps on uploads.  Sometimes spiking to 7%.  

I did all the normal things, turned off IDS, turned off web filtering, confirmed 1500 MTU on all NICs, you name it.  I have a small Ubiquiti FW as a backup and it was able to get full 1Gb from all my VMs and my physical boxes, so I know my internal network is fine and can handle it.  I even built not 1 but 2 brand new UTMs.  One I did a restore of a config and another I did unconfigured, no settings.  The performance of all these UTMs is the same 5Mbps upload.  Download speeds are fine and close to theoretical maximums.  I am at a complete loss.  I do NOT want to migrate my services to Ubiquiti.  I want to keep using the UTM. What else can I do?  There are no IDS or filtering logs to check since all of that is disabled.  Is this an ATT thing?  Is there some special setting I need to make on the ATT FW or UTM interface setting I need to make to get this to work?  It doesn't have to be perfect, but symmetrical upload is all I want.  



  • Out of curiosity, have you tried installing the UTM on the bare hard drives? Also, Intel NICs are preferred over the others. You said the Dell server has Broadcom. Not sure if that is causing the issue. Since you were able to get the full 1Gbps on the Ubiquiti firewall's VM on the same hardware, it seems everything is fine on your ISP's end. 

    Check firewall logs while you do speed tests on different sites. Is anything being blocked? I also had a thought that your upload speed is so fast it's triggering the TCP SYN/UDP flood alerts of the IPS. LOL. But you said it was disabled. 

  • Did you try modifying the speed&duplex settings as suggested above?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Alan, meant to comment on this earlier. I've had good results with i211/i219 and some other Intel gigabit adapters.

    Several boards purchased in the last year came with the i225-v.  This adapter has had 3 hardware revisions and is still a POS in my opinion. Even with a rev3, I've had issues with it showing cable disconnected (while connected).  Any manipulation of the adapter (disable/enable) causes mass system instability to the point where a full power disconnect is needed - reset/power button does not work.

    Granted, this is under Windows, not sure if Linux is any better. There are numerous posts about this on Intel's forum as well as Reddit.  It's bad enough that if I need/want onboard Ethernet, I will pass on any board that comes with it.  The rtl8125, on the other hand, has worked flawlessly for me in both Windows and Linux. The other option is to disable the NIC in BIOS and install a PCIe NIC. This may be a good alternative if you want quad port NIC capability. Otherwise it wastes a slot.

    My Proxmox box has an i211 (pass through to UTM), and the rtl8125 (used a vnic). This has been in operation since May 2021.

    Hate to say it, but today I prefer an RTL NIC over Intel given the above.

  • I went looking but that is not an option as a VM.  The only changes available to make are virtual MAC and does it look for HA traffic.  

  • I haven't done UTM on a physical box yet.  I think that is the next step after I make some virtual stack changes like swapping cables with the physical Unifi FW and dropping MTU on the switch and the ESXi port groups down to 1500.  It really does feel like an MTU thing.

  • The changes are in WebAdmin on the 'Hardware' tab of 'Interfaces'.

    Cheers - Bob

  • I haven't tried the following with a VM, so be sure to get a good backup of your VM before you try changing from the command line.

    1. Find the fastest speed&duplex that you can set fixed in the AT&T device and set that there.  The below assumes that's 1 Gb full duplex.

    2. As root, get the REF_ of the hardware:

        cc get_object_by_name itfhw ethernet 'eth1 VMWare VMXNET3 Ethernet Controller'| grep \'ref

    3. Assuming that returns REF_ItfEthEth1VmwarVmxne, disable Auto negotiation with:

        cc change_object REF_ItfEthEth1VmwarVmxne auto_negotiation_status 0

    4. Change the speed to 1 Gb:

        cc change_object REF_ItfEthEth1VmwarVmxne speed 1000

    Did that work?  Did it solve the speed problem?

    Cheers - Bob
