This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9 Software appliance slow download/upload speeds

Hey Guys, just wanted to see if you could point me into the right direction. I have a software appliance running on a Hyper-V server windows 2010 with 15G or RAM and 512GB of disk. Nothing else runs on it. The machine is strictly dedicated to UTM9.

When I fist build it, the speeds were just fine 200Mbps/200Mbps. No major changes, beside some NAT rules for port forwarding that were made. I've also disabled them later during the testing with the same results.

Recently the speeds dropped to 10/20Mbps. I've connected my laptop directly to ISP router and was able to regain 200/200 speeds.

I've read a few post in Sophos communities, but still no luck. I've disabled all types of network protections, Anti-DDoS, web filtering, anti-portscan...etc but nothing has changed.

The hardware performance are steady at CPU=8%, RAM=10-15%, Log Disk=1%, and Data Disk=7%. All the hardware resources (windows machines) all dedicated to UTM.

I checked the Interface settings, under advanced and all set to 1000Mbps respectfully.

The windows Machines NIC's all set to 1Gb under hardware performance.

Everyone's help is greatly appreciated. 



This thread was automatically locked due to age.
Parents
  • Timely...I have recently noticed a similar throughput issue with my UTM.  Until very recently I was able to get over 300mbps up/down through it without any real tax on the cpu/ram.  My connection is 300Mbps fiber, and the UTM has been in the DMZ of the ATT router, with an Asus GT-AC5300 acting as an AP off the UTM.  Wired and Wifi connections have all been solid until recently.  If I enabled IPS, it did drop off though...so I have left it disabled, and confirmed it is still disabled. 

    For the last  week I have tested all my network components, removing equipment, upgrading/downgrading the Asus, testing cables, etc., and the one thing I keep coming back to is my UTM.  I have it installed on a Zotac Nano, and it has a Realteck NIC...  When I remove it from the picture, I'm getting those 300+Mbps speeds again up and down.

    I'm thinking the recent UTM 9 firmware update might have something to do with it, perhaps something to do with the Realtek NICs?  My ports all show 1Gbps too, but throughput over a wired connection is averaging 45/95 mbps up/down.

    What kind of physical NIC is on the machine running your instance?

Reply
  • Timely...I have recently noticed a similar throughput issue with my UTM.  Until very recently I was able to get over 300mbps up/down through it without any real tax on the cpu/ram.  My connection is 300Mbps fiber, and the UTM has been in the DMZ of the ATT router, with an Asus GT-AC5300 acting as an AP off the UTM.  Wired and Wifi connections have all been solid until recently.  If I enabled IPS, it did drop off though...so I have left it disabled, and confirmed it is still disabled. 

    For the last  week I have tested all my network components, removing equipment, upgrading/downgrading the Asus, testing cables, etc., and the one thing I keep coming back to is my UTM.  I have it installed on a Zotac Nano, and it has a Realteck NIC...  When I remove it from the picture, I'm getting those 300+Mbps speeds again up and down.

    I'm thinking the recent UTM 9 firmware update might have something to do with it, perhaps something to do with the Realtek NICs?  My ports all show 1Gbps too, but throughput over a wired connection is averaging 45/95 mbps up/down.

    What kind of physical NIC is on the machine running your instance?

Children
  • Thanks Robert. This is starting to make sense. I've also traced and troubleshoot all the connections with the same results. 

    My NIC card is too a Realtech NIC, with the latest firmware. So, it starting to smell like a crappy firmware to me as well. I did see a few posts providing steps on the firmware downgrading procedure: https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/73283/rollback-firmware-procedure

    From the looks of it, it's possible, but with a few Sophos kinks. 

    Have you tried downgrading yet?

  • I had been looking at how to downgrade the firmware, saw that post as well, but haven't had the time or desire to try it.  At this point though, my thought has been to look for another firewall and give it a shot on the Zotac, but I haven't gotten that far in my troubleshooting.  Now that I know I'm not the only one, that is becoming a possibility though. 

    Unfortunately I think we're stuck until Sophos comes out with a new firmware that fixes whatever issue there might now be causing an issue with Realteck NICs.  Since there has always been that warning about them, to use an Intel NIC, who knows what Sophos will do as their appliances are likely all Intel and that guidance has been out there for a long time.  In other words, if there are only a handful of home users with Realteck NICs, they might not fix it if it's not straightforward and a simple fix.

    Downgrading I don't see as a long term solution. But let me know if you try it and it resolves the issue. Right now my Sophos is powered down...

    I'm going to continue monitoring the forum, but also look for other options as I am not crazy about having the Asus as my Internet facing router/firewall.  So...I could end up trying another UTM on my Zotac, or changing out my hardware to use something with an Intel NIC.  But then I'm still in the situation of looking again at other UTM software vs Sophos.  Sophos works well, but it's got a steap learning curve, and getting it all configured so everything works took awhile.

    I'd like to hear from someone at Sophos to see if they have noticed this, have plans to figure it out, and if they can either confirm or not our suspicions that it is the recent firmware update and there is a conflict with the Realteck NICs.

  • Unfortunately, this is a part where "free" comes with a price. I'll try to downgrade, when I get a chance and will update the blog. In the meantime, I'll leave this thread open to see if anyone else reports this type of behavior. Hopefully, this issue will be addressed during the next upgrade.