This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Another slow upload problem

Hi,

My issue, like apparently many other have had, is that the upload speed on my UTM is far below expected.

I'm running a Sophos UTM with a home use license on a Core i5 laptop with one internal and one PCI Express GB ethernet adapter.

When I connect a pc directly to the (bridged) cable modem, I get the full 150/15Mbit speeds up/down.

When connected through the Sophos UTM download speeds are perfectly fine but the upload speeds are about half of what is expected (7.5Mbit).

Obviously I've disabled everything that I could think might be interfering. So, no IPS, no Web Filtering, no threat protection, no nothing, just a bare firewall setup with 1 fw rule:

internal -> any -> any

and some masquerading.

I've completely reinstalled the firewall from scratch, and again but with the internal and external interfaces swapped. I've tried with a different (old) device I had lying around, I've tried setting the external interface to 1000Mbit/full and to 100Mbit/full, but none of these things have helped.

I'm at the end of things I can think of.

I've not played with the MTU settings, since I have no idea how to do that right and I've read about others that had 'arp issues' with their provider, this is also beyond the scope of my knowledge..

Please advise.



This thread was automatically locked due to age.
Parents Reply Children
  •   OT alert

    One of the things I always hate about this command, while useful, is that the user is reliant on the speedtest_cli.py script to not have been compromised or otherwise modified.  It is somewhat risky to blindly download a python script from the internet and then pipe it through python without inspecting it (or any script for that matter, be it python, bash, whatever).  If, for instance, I had compromised the github repo where it is stored and added rm -Rf, and the user was silly enough to be running as root on the UTM, what then?  For the user, hopefully nothing TOO bad if they had backups.  But, since this is being recommended by Sophos, they may have some liability in this.  Perhaps Sophos should develop their own script to duplicate this effort and host it themselves on the up2date server and monitor the script for unauthorized changes, etc.?  Just a thought.

  • Hi Sachin,

    Thank you for the fast response!

    On principle I agree with darrellr, github might not be the most trusted place to store these tests.

    Having said that, I just ran the command and the results are:

    Retrieving speedtest.net configuration...
    Retrieving speedtest.net server list...
    Testing from Ziggo (83.87.167.208)...
    Selecting best server based on latency...
    Hosted by DEAC (Amsterdam) [31.25 km]: 16.225 ms
    Testing download speed........................................
    Download: 106.19 Mbit/s
    Testing upload speed..................................................
    Upload: 13.41 Mbit/s

    That implies that the firewall is actually uploading at almost the full 15Mbit/s...

    what could be the issue here? Is the upstream to the firewall somehow the issue, is it a config issue on the LAN side?

    Thank you!

  • Hi Daaf, 

    The test shows that the upload speed received on UTM is 13.41 Mbit/s. That is a clean download/upload speed going through no filters? You must forward this output to your ISP and get it fixed. If there is an upstream router/modem connected to UTM, trying changing the physical cable connection both the ends or deploy an unmanageable switch in between.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hi Sachin,

    I agree, the test shows 13,41 Mbit/s upload. the line is capable of 15Mbit/s, so this is pretty close, and double the speed I get from a client in my network. So, the speed FW-->INTERNET seems fine, doesn't it.?

    That leaves us with the question why clients inside the network are not able to get these speeds.

    Any thoughts?

  • I'm not sure what this means... but:

    I started playing with the MTU settings... fully aware I don't know what I'm doing here...

    The LAN MTU is set to 1500, the WAN MTU is set to 576.

    If I change the WAN MTU, the interface goes down, comes back up, and somehow goes back to MTU 576. If I change the MTU on my LAN side to 576 as well, nothing works anymore..

    Again, no idea what to do with MTU's... just throwing this out there...

  • Hi,

    Check this thread, I think you are having issues with the bad MTU value. 

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Perfect! this solved my issues,

    The MTU being fed through dhcp by my isp is 576... if I hard force this to 1500, I get max upload speeds!

    Solved, now to find a way to have the MTU correct without disabling DHCP.

  • FYI it looks like the file name of the speed test has changed from speedtest_cli.py to speedtest.py.  The new command is:

     

    wget --no-check-certificate -O - https://raw.github.com/sivel/speedtest-cli/master/speedtest.py | python

     

    Cheers

    -------------------------------

    Interesting [in-ter-uh-sting, -truh-sting, -tuh-res-ting]

    A word typically used by IT technicians to describe an issue they didn't expect, or never encountered, and don't know how to fix.