
Sophos UTM 9.705-3 Intrusion Prevention

Hello,

I appear to be having some trouble with the Intrusion Prevention on my UTM. When I have Intrusion Prevention enabled, my network speeds are reduced dramatically. For example, my WAN connection; with and without Intrusion Prevention enabled:

Enabled - Download: 98Mbps
Disabled - Download: 206Mbps

I have tried changing various settings within Intrusion Prevention (whilst still having it enabled), but this made no improvement in the network speed. I had a look in the live-log whilst trying a speedtest and I had a large amount of this entry:

S5: Session exceeded configured max bytes to queue 1048576 using 1053000 bytes (client queue).

I tried doing some searches online for this but I can't seem to find anything other than it's nothing to worry about... but I'm pretty sure this is telling me what the problem is? Is it possible to increase the max bytes to queue? I'm currently using only 35% of 8GB RAM on this box.

Cheers,
Richard

  • Hi Richard,

    What tool are you using to measure speeds?

    What results do you get when you try the following at the command line of the UTM? Copy and paste as one block:

    cd /home
    wget raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py --no-check-certificate
    cc set ips status 0
    sleep 15s
    python speedtest.py
    cc set ips status 1
    sleep 30s
    python speedtest.py

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    I was using speedtest.net from a web browser for both tests, with and without Intrusion Prevention enabled.

    I've just run that test there with Intrusion Prevention enabled:

    Retrieving speedtest.net server list...
    Selecting best server based on ping...
    Hosted by UltraNetworks (Aberdeen) [201.67 km]: 38.947 ms
    Testing download speed................................................................................
    Download: 64.44 Mbit/s
    Testing upload speed................................................................................................
    Upload: 19.92 Mbit/s

    Without Intrusion Prevention enabled:

    Retrieving speedtest.net server list...
    Selecting best server based on ping...
    Hosted by Sure Telecom (Douglas) [195.42 km]: 34.97 ms
    Testing download speed................................................................................
    Download: 98.78 Mbit/s
    Testing upload speed................................................................................................
    Upload: 20.19 Mbit/s


    The server seems to change when switching Intrusion Prevention on/off. If I try doing speedtest.net from a web browser and select a server nearer to me, I get 212Mbps download (with Intrusion Prevention disabled). With it enabled... I got 99Mbps.

    Cheers,
    Richard

  • Download: 98.78 Mbit/s

    That makes me wonder if there isn't another issue causing your speed measurements to vary. What if you start the following at 6PM to test once every hour for 12 hours?

    for i in {1..11}; do python speedtest.py|grep Mbit; sleep 1h; done; python speedtest.py|grep Mbit

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Just set this up now so I'll let you know the results. I'm not sure exactly what is wrong here as it only happens when I enable Intrusion Prevention. Even if I disable every setting within Intrusion Prevention, but still have Intrusion Prevention enabled... I still get the limited Download speeds.

    Cheers,
    Richard

  • Download: 106.59 Mbit/s
    Upload: 17.73 Mbit/s
    Download: 94.82 Mbit/s
    Upload: 20.20 Mbit/s
    Download: 90.58 Mbit/s
    Upload: 19.71 Mbit/s
    Download: 67.39 Mbit/s
    Upload: 19.85 Mbit/s
    Download: 84.04 Mbit/s
    Upload: 19.80 Mbit/s
    Download: 104.32 Mbit/s
    Upload: 14.04 Mbit/s
    Download: 90.97 Mbit/s
    Upload: 20.42 Mbit/s
    Download: 115.38 Mbit/s
    Upload: 20.07 Mbit/s
    Download: 103.59 Mbit/s
    Upload: 20.30 Mbit/s
    Download: 97.71 Mbit/s
    Upload: 20.69 Mbit/s
    Download: 106.73 Mbit/s
    Upload: 20.36 Mbit/s
    Download: 103.26 Mbit/s
    Upload: 20.28 Mbit/s
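
Added example, not part of the thread: a shell helper that summarises the `grep Mbit` output of the hourly loop above, so a single with/without Intrusion Prevention comparison can be judged against the run-to-run spread. The function names `summarize`, `in_observed_range` and `sample_runs` are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample lines are constructed.

# Read speedtest.py output on stdin and print one summary line per direction.
summarize() {
    awk '
    $1 == "Download:" || $1 == "Upload:" {
        if ($2 !~ /^[0-9]+(\.[0-9]+)?$/) next      # ignore malformed values
        k = substr($1, 1, length($1) - 1)          # strip trailing colon
        v = $2 + 0
        n[k]++; sum[k] += v; sq[k] += v * v
        if (n[k] == 1 || v < min[k]) min[k] = v
        if (n[k] == 1 || v > max[k]) max[k] = v
    }
    END {
        split("Download Upload", order, " ")
        for (i = 1; i <= 2; i++) {
            k = order[i]
            if (!n[k]) continue
            mean = sum[k] / n[k]
            var = sq[k] / n[k] - mean * mean       # population variance
            if (var < 0) var = 0                   # guard rounding error
            printf "%s n=%d min=%.2f max=%.2f mean=%.1f sd=%.1f\n",
                   k, n[k], min[k], max[k], mean, sqrt(var)
        }
    }'
}

# Exit 0 when VALUE lies inside the min..max already seen for DIRECTION.
# usage: in_observed_range Download 98.78 < results.txt
in_observed_range() {
    summarize | awk -v d="$1" -v v="$2" '
        $1 == d { split($3, a, "="); split($4, b, "=")
                  ok = (v + 0 >= a[2] + 0 && v + 0 <= b[2] + 0) }
        END { exit (ok ? 0 : 1) }'
}

# Constructed sample in the same shape as the results posted above.
sample_runs() {
    cat <<EOF
Download: 100.00 Mbit/s
Upload: 20.00 Mbit/s
Download: 90.00 Mbit/s
Upload: 10.00 Mbit/s
EOF
}

sample_runs | summarize
```

A single measurement that falls inside the range reported for the hourly series is not, on its own, evidence that toggling Intrusion Prevention caused the difference.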