This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RED15 Throughput issues

Hello!

I'm a new member to the forums and also Sophos customer. We've recently implemented, with the assistance of a Sophos partner, a pair of SG330 in HA. The core installation has gone well.

Recently we purchased a RED15 device to explore what they have to offer. We've been able to connect / setup the device fine. I currently have it at my house for the purposes of testing. The device is behind my own Sophos UTM (home edition). I have created a static IP for the RED device and have created a firewall rule to allow it out any->any. The tunnel is established without issue and all functions seem normal with the exception of throughput.

At this point it's worth mentioning our corporate connection to our ISP is 100/100. I'm also lucky enough to have fibre to my home which is 100/40. There are no throughput issue from either side with basic testing.

I have tried to conduct a few basic tests. One of which was a SMB file transfer from our Windows Server to my Corporate Laptop connected to the RED device. The transfer occurs much slower than I'd expect. ~2Mbps.

To try to pin point the issue I used the same laptop without the RED device, on my home network (via my UTM), and connected via remote access SSL to the UTM. I performed the same file transfer and saw the transfer rate was well above 30Mbps.

So I am wondering if anyone can offer any troubleshooting steps / ideas on what may be causing /  limiting throughput on the RED device?

I have tried toggling IPS off / on - no change

QoS - we do have a few rules in test active but this is only for YouTube / Spotify



This thread was automatically locked due to age.
  • Hi, and welcome to the UTM Community!

    Please try #1 in Rulz - any indications from that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob - I've tried to follow your rulez before my post during my lurking days on here. I've done a little more digging but I cant really see any relation between the RED configuration any the usual suspects in Rulez #1. Just seems to be rate limited. I am assuming all data / tunnel is across the 3410 &3400 ports. I will also try to rule out my home network by using a GSM USB adapter.
  • I was certain that you would find Anti-UDP Flooding activity in the Intrusion Prevention log - nothing?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Nothing in the log no. As I mentioned I've also disabled IPS during testing and it yielded no change. Guess I might need a support case?
  • Yes, I would start one. Note that disabling IPS doesn't affect Anti-Portscan and Anti-Flooding activity that is also reported in the Intrusion Prevention log.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BAlfson - you were on the money (as usual). It was indeed Anti-Flooding. But it was the client side not the UTM itself. Once this was corrected increase in speed was immediately noticeable. Sophos support almost RMA'd the red device but we checked the logs again and found the anti-flooding.