This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

5% upload speed on Sophos UTM

First off let me say I know this has been a frequent question posted here regarding slow upload speeds on the UTM.  I have been a UTM user for well over a decade probably closer to 15 years.  I may not be a Bob expert but I know my way around the software. 

I recently got an ATT symmetric 1GB fiber line and plugged it up to my UTM VM.  At first, performance was normal and expected.  I was getting close enough to max throughput with the understanding that I would be getting less because it was running in a VM on older hardware.  All fine.  Then one day, and I honestly don't know when, upload performance just took a nose dive.  I would get 3-5Mbps on uploads.  Sometimes spiking to 7%.  

I did all the normal things, turned off IDS, turned off web filtering, confirmed 1500 MTU on all NICs, you name it.  I have a small Ubiquiti FW as a backup and it was able to get full 1Gb from all my VM's and my physical boxes, so I know my internal network is fine and can handle it.  I even built not 1 but 2 brand new UTMs.  One I did a restore of a config and another I did unconfigured, no settings.  The performance of all these UTMs is the same 5Mbps upload.  Download speeds are fine and close to theoretical maximums.  I am at a complete loss.  I do NOT want to migrate my services to Ubiquiti.  I want to keep using the UTM. What else can I do?  there are no IDS or filtering logs to check since all of that is disabled.  Is this an ATT thing?  Is there some special setting I need to make on the ATT FW or UTM interface setting I need to make to get this to work?  It doesn't have to be perfect, but symmetrical upload is all I want.  



This thread was automatically locked due to age.
Parents
  • If it ends up being something in the virtual stack that I cannot remediate, since this is a Home license and I want to have full gig both ways, what hardware device would you guys recommend?

  • Did you try modifying the speed&duplex settings as suggested above?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I went looking but that is not an option as a VM.  The only changes available to make are virtual MAC and does it look for HA traffic.  

  • The changes are in WebAdmin on the 'Hardware' tab of 'Interfaces'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I haven't tried the following with a VM, so be sure to get a good backup of your VM before you try changing from the command line.

    1. Find the fastest speed&duplex that you can set fixed in the AT&T device and set that there.  The below assumes that's 1 Gb full duplex 

    2. As root, get the REF_ of the hardware:

        cc get_object_by_name itfhw ethernet 'eth1 VMWare VMXNET3 Ethernet Controller'| grep \'ref

    3. Assuming that returns REF_ItfEthEth1VmwarVmxne, disable Auto negotiation with:

        cc change_object REF_ItfEthEth1VmwarVmxne auto_negotiation_status 0

    4. Change the speed to 1 Gb:

        cc change_object REF_ItfEthEth1VmwarVmxne speed 1000

    Did that work?  Did it solve the speed problem?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • I haven't tried the following with a VM, so be sure to get a good backup of your VM before you try changing from the command line.

    1. Find the fastest speed&duplex that you can set fixed in the AT&T device and set that there.  The below assumes that's 1 Gb full duplex 

    2. As root, get the REF_ of the hardware:

        cc get_object_by_name itfhw ethernet 'eth1 VMWare VMXNET3 Ethernet Controller'| grep \'ref

    3. Assuming that returns REF_ItfEthEth1VmwarVmxne, disable Auto negotiation with:

        cc change_object REF_ItfEthEth1VmwarVmxne auto_negotiation_status 0

    4. Change the speed to 1 Gb:

        cc change_object REF_ItfEthEth1VmwarVmxne speed 1000

    Did that work?  Did it solve the speed problem?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data