I own two XG230 in HA with fw 18mr3, since I switched from MR1 to MR3 the speed of vpn is much improved (from 12mb to 60/70mb).
VPN is configured as ssl tcp on port 8443 with comp enable
The wan it's fiber 100/100,since I have updated the firmware I saw a drop in speed during the day even until late in the evening, arrive at an upload of 0.5mbs and download of 7mb, even if the wan was not saturated or overloaded
Yestrday evening
Thr test it's in SSL TCP except the highlighted one I did in IPsec
Early this morning I did the test between TCP and UDP
I can't understand what it could be
Hello
maybe the BUG ID it's NC-62448 -Core dump on Snort
and my case it's 03271059
Thanks
Andrea
General speaking there could be several issues. Which VPN Client did you use? Did you try to use Sophos Connect with SSLVPN?
__________________________________________________________________________________________________________________
I tried with classic client (semaphore) and Sophos Connect 2.0 with SSLVPN
Did you test the same endpoint all the time or another endpoint? So to speak to verify, its not a endpoint issue or ISP on the remote end?
I tried both endpoints with the same result. Only in ssl tcp I have this problem. In IPSec the performance is higher
Now the IPSengine it's stopped because since I installed the MR3 it keeps restarting, I opened the ticket and it seems to be resolved in the MR4
Did you get a Bug ID for this?
no, I had only opened the case with the support
I think I'm missing something here, can you not just use UDP as the performance seems better configured as such (and last time I checked, recommended by Sophos for performance)?
------------------------------------------------
worlds number one free ICMP monitoring platform: https://pinescore.com
To use UDP I should have all users download the modified file.Up to August I was using a UTM v9 230 in TCP and I never had any problems
Actually, if you have Sophos Connect, the client will do this for you. The SC2.0 Client will notice the change on the XG and popup a resync with XG firewall on all enduser clients.