Hi! New user here.
I've recently installed UTM 9 Home (latest version) on my small box (Atom D2550, 4GB, 32GB SSD, Dual 1GB Broadcom BCM 57788 NICs). I had pfSense installed before, but decided to try Sophos.
Anyway, after installation I noticed that my speed decreased quite a bit. My ISP is Comcast and I'm paying for a 50/10 line, but during speed tests with direct connection to a PC or through pfSense (same hardware) I was getting more like 120/12.
With the Sophos installed now I'm getting 45/8.5, and this is with just Firewall protection. If I enable Web protection and IPS the speed is about 43/7.5. What the heck?
I ran top command in the terminal to check CPU load. When IPS is enabled I see that Snort uses 99% of one of the cores (being single-threaded I know that's the limiting factor for me with IPS on). However, without IPS during speed tests (firewall only) the CPU idle stays at about 90%, so the limiting factor doesn't seem to be any of the processes nor the CPU.
I connected my modem directly to my PC and I was again getting the 120/12 speeds. I connected back to Sophos box and again slow speeds. I went as far as duplicating my PC's MAC address on the external NIC. Still the same slower speed.
The interesting thing is that during the speedtest (speedtest.net) my download speed (with FW only) stays right at 45mbps, doesn't go above, just a straight line on the graph. As if something is "throttling" the speed. I checked my QoS and no throttling there (I had it there for VoIP QoS, but disabled it).
I'm out of ideas here. Either something in the Sophos software stack is limiting the speed or something is up with my NICs (but I had pfSense installed on the same exact hardware and was getting the 110/12 speeds, and that's with snort ON, maxing out 1 core).
Any help would be appreciated!
Thanks a lot!
This thread was automatically locked due to age.
