This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Too slow internet speeds

I have a problem I cannot quite figure out. My customer has a 500/500 Mbp/s Internet connection. Clients do however only get 50 Mbit/s download speed and 120 Mbit/s upload. 

 

Yesterday I fluked their LAN and gave it a clean bill of health. When I hook up my laptop to the ISP router instead of the firewall I get full speed at 500/500 when testing with Ookla.

 

The strange thing is that this customer has a site-2-site vpn to our data center and traffic over the vpn gets full speed. I tested this by copying a large file (1 GB) between a linux server in the datacenter and a linux server at the customer site. I also get full speed when I download large files with wget directly on the firewall.

 

The firewall is a SG210 Active/passive HA pair, Firmware is the newest. QoS is disabled. I feel I have looked "everywhere" for settings slowing things down. I have tried disabling IPS, Web protection and ATP. I have also tried to reduce MTU size on WAN interface. None of these tests hav had any effect.

Interfaces are connected to the LAN switch with 1000/Full  (autoneg) and client computers also have 1000/Full. 

 

Anyone got any suggestions what might be causing this?



This thread was automatically locked due to age.
  • I figured this out myself. It was in fact IPS that did this. I thought it would be enough to remove the client network from the Global IPS Settings. It was not. I needed to make an exception for the client LAN in IPS to succesfully disable IPS for this subnet.

  • Hi RA

    That's an interesting one! If I'd known this a year ago, I would have solved a very hard issue with a customer. I raised a Sophos-Ticket for that and everybody just wondered that the IPS-Engine couldn't provide that performance. At the end the customer was very disappointed about the service - and I was about the Sophos Specs and Sizing guide.

    But to be honest -> you are in the same situation: Even if you enable the IPS for the clients -> the SG 210 should provide much more that the figures you mentioned.

    Thanks for the input! The workaround (to add an exclusion instead of defining the net in the Global IPS Settings) is a very good tip!

    Cheers Janbo

    _________

    Yesterday - today was still tomorrow...

  • IPS is tricky because it's single-threaded.  German member twister5800 (Martin) did tests of both an SG 135 and an SG 210.  For a single client running a test, the 210 was faster.  When four clients ran a test simultaneously, the SG 135 produced more net throughput because it has a quad-core Atom while the 210 has a dual-core Celeron.

    Every new customer should get an evaluation of whether the more-cost-effective approach to get what they need is an appliance or a software license on a fast, powerful server.  Most will choose an appliance even if it's the more-expensive solution.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I have the UTM 9 on own hardware with 8GB ram, 120 GB SSD, Intel I3(ni-aes HW chip included) . I have 200 Mbit internet down and 20 up; the UTM only allows 20Mbit up and down.

    what I keep reading is that everywhere the upload is what its provided but the download is every time only EXACT 10% of what has been provided.

    when doing a big and fast download, the processor utilization does not get higher than 3%  and ram not utilized more than 50% !!! and yes; indeed turning of IPS does the trick. but this is not because of processor limitation (my opinion because of the 10% ratio that seems to be the case every time)

  • What happens if you try #7.7 in Rulz?  Before you try that, make sure the interface has the correct MTU assigned.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    all done that including MTU etc. the issue only happened after one of the updates of the UTM. the issue is just that I can not remember which exactly exposed the behavior.

    the advantage is that I have more need for upload speed than download, but still, I'm missing 180 mbit/sec in case I could use it.

    Cheers,

    Coert

  • In all my years with the UTM, I've only experienced having an Up2Date "break" a configuration database personally one time at one customer site.  Several times a year here in this Community, someone solves a new problem that appeared after applying an Up2Date by doing the following.  What happens if you restore the backup made automatically before the last series of Up2Dates were applied?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • One can tell that you are working in a defense company.

    for me its difficult to track with what upgrade it really happened.

  • Show us what you get at the command line for:

    version

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Current software version...: 9.510005
    Hardware type..............: Software Appliance
    Installation image.........: 9.357-1.1
    Installation type..........: asg
    Installed pattern version..: 153129
    Downloaded pattern version.: 153129
    Up2Dates applied...........: 21 (see below)
                                 sys-9.357-9.358-1.3.2.tgz (Apr 14  2017)
                                 sys-9.358-9.404-3.5.1.tgz (Apr 14  2017)
                                 sys-9.404-9.405-5.5.1.tgz (Apr 14  2017)
                                 sys-9.405-9.406-5.3.1.tgz (Apr 14  2017)
                                 sys-9.406-9.407-3.3.1.tgz (Apr 14  2017)
                                 sys-9.407-9.408-3.4.1.tgz (Apr 14  2017)
                                 sys-9.408-9.409-4.9.1.tgz (Apr 14  2017)
                                 sys-9.409-9.411-9.3.2.tgz (Apr 14  2017)
                                 sys-9.411-9.412-3.2.2.tgz (Apr 27  2017)
                                 sys-9.412-9.413-2.4.3.tgz (May  8  2017)
                                 sys-9.413-9.414-4.2.3.tgz (Jun 27  2017)
                                 sys-9.414-9.501-2.5.1.tgz (Jun 28  2017)
                                 sys-9.501-9.502-5.4.1.tgz (Jul 22  2017)
                                 sys-9.502-9.503-4.4.2.tgz (Sep  9  2017)
                                 sys-9.503-9.504-3.1.4.tgz (Oct 26  2017)
                                 sys-9.504-9.505-1.4.1.tgz (Oct 26  2017)
                                 sys-9.505-9.506-4.2.2.tgz (Dec  2  2017)
                                 sys-9.506-9.507-2.1.4.tgz (Mar 17  2018)
                                 sys-9.507-9.508-1.10.1.tgz (Mar 17  2018)
                                 sys-9.508-9.509-10.3.2.tgz (Apr  6  2018)
                                 sys-9.509-9.510-3.5.2.tgz (Aug 15 09:48)
    Up2Dates available.........: 0
    Factory resets.............: 0
    Timewarps detected.........: 0