Running Speed Tests from the CLI on Sophos Firewall (Updated for SFOS 19+)

As of the latest Sophos Firewall firmware (SFOS 19 and beyond), most traditional methods for measuring internet speed from the command-line interface (CLI) are no longer viable. The days of using tools like wget, speedtest-cli, or even basic Python scripts are over. If you’re looking for ways to test throughput or monitor bandwidth directly from your Sophos XG firewall, here’s the current state of play and what options remain available.

Why This Changed

Sophos has progressively hardened the operating system to enhance security. This includes the removal or restriction of key utilities such as wget and python after SFOS version 17.5.10. The appliance does not include a package manager, and administrators are unable to install additional software or custom binaries persistently.

Using curl to Simulate a Speed Test

Although native speed testing tools are unavailable, a workaround is to use curl to download a known large file over HTTP and time the download manually. For example:

time curl -o /dev/null http://ipv4.download.thinkbroadband.com/512MB.zip

This downloads a 512MB file and discards the contents. The time command returns how long the operation took.

To estimate download speed:

• Convert 512MB to Megabits: 512 × 8 = 4096 Megabits
• Divide by time in seconds to get Mbps

Example: If the download completes in 40 seconds: 4096 ÷ 40 = 102.4 Mbps

Note: This is a crude approximation and can be affected by many variables, including the test server location and routing conditions.

Real-Time Interface Monitoring with iftop or bwmon

While synthetic benchmarking is no longer feasible from the firewall itself, real-time monitoring tools can still provide useful insight into bandwidth usage and live traffic conditions.

Using iftop:

iftop -i Port2

Replace Port2 with the correct interface name (e.g., PortB or PortA). The display will show live network traffic across that interface. Press h for in-program help and additional controls.

Using bwmon

If available, bwmon provides a textual overview of real-time bandwidth utilisation. It’s well-suited for quickly identifying saturation points or bandwidth spikes during file transfers or heavy network load.

Final Thoughts

Running speed tests or monitoring throughput directly from the Sophos Firewall remains possible, albeit with limitations. As a hardened security appliance, Sophos XG restricts many traditional Linux utilities for good reason. That said, with tools like curl, iftop, and bwmon, administrators can still gain valuable insight into WAN performance and interface utilisation.

For those requiring accurate speed diagnostics, the recommended approach is to run tests from a host behind the firewall using iperf3, speedtest-cli, or browser-based tools, and monitor the resulting flow through the firewall interfaces.

When testing performance:

• Use external systems for consistent, detailed benchmarks
• Monitor traffic during tests with iftop or bwmon
• Always validate test results against real-world usage patterns

Although not as convenient as previous CLI options, it is still entirely feasible to validate internet performance from the firewall environment with a bit of creativity and careful interpretation.