This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exception for UDP Flood Protection not working [SOLVED]

I have a situation, that I must admit, has me quite confused.

When using a commercial VPN server (TorGuard) I could not figure out why I was only getting 4% of my TCP connection download speeds when using a UDP connection.
I finally figured out that the cause of the problem was the Sophos UTM, specifically the UDP Flood Protection.
Not a problem really, as the UTM was doing what it was configured to do.

So, I figured I would simply add an exception for the UDP ports I was using to connect to the VPN server. That should resolve the speed issues, right?

I already had service definitions, both TCP and UDP, for the ports, along with a firewall rule to allow those ports (LAN > VPN Ports > Any)
I created a new exception (Network Protection > Intrusion Protection > Exceptions)

  • I gave the exception a name
  • Under Skip these checks I selected UDP Flood Protection
  • In For all requests I selected Using these services and added the UDP service definitions of the specific ports
  • I then saved and enabled the exception.

All pretty straight forward, but it had absolutely no effect on the download speeds of the UDP VPN connections.

I also tried selecting all of the options in Skip these checks but that had no effect either.

The next thing I tried was to create a DNS Host for the VPN server I have been connecting to and I added that into the exception rule

  • coming from these source networks: VPN Server & LAN
  • and going to these networks: VPN Server & LAN
  • and using these services: UPD Ports

and

  • coming from these source networks: VPN Server & LAN
  • or going to these networks: VPN Server & LAN
  • or using these services: UPD Ports

Neither of these additions had any effect, so I removed them.

I am obviously missing something here, but dammed if I know what.

I should add... if I simply disable Use UDP Flood Protection in Network Protection > Intrusion Protection > Anti DoS/Flooding this resolves the speed issue.
Basically, the exception I created is just not working, but I don't know why.

I'm open to suggestions from the brains trust.



This thread was automatically locked due to age.
  • Pictures of the Edits of the Exceptions would give us a clearer picture.  I'll guess that you didn't include responses.  For example, if you're using 1:65535->443, you also need to include 443->1:65535 in the Exception.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • As per usual Bob, you are a wealth of knowledge.

    Yes, creating and adding response ports was the missing piece to this puzzle.
    Thanks!

    BTW... When did the forum change so we could not mark a post as the accepted solution?

  • Ah, you're right.  I think that happened earlier his week.  I'll let emmosophos know.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA