Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersSonicwall and Issues with Performance
networkn

Networkn
32349 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

#142604 18-Mar-2014 15:29
Send private message

Hi. 

I have a customer with 100/50Mbit UFB. The ISP who I would prefer not to name has no BRAS in Wellington where the customer is located, instead at Auckland. The first hop latency is 12ms. Using a similar spec connection in Auckland, first hop is 2ms. 

We have been for weeks trying to work out why the Sonicwall in Wellington won't download at faster than 2.5MB/s and we believe based on the fact an identical router with the customers same firmware and settings work fine at full speed in Auckland.

We are wondering if there could be a problem with the PPPoE Implementation on Sonicwall Firmware (Both 5.8 and 5.9), where some form of buffer is getting saturated. 

We have factory reset, replaced, recreated settings, changed every concievable setting including MTU, and everything else, but now believe it could be a SW issue inherently. 

Anyone ever seen this before?

The Sonicwall is a TZ105W.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
networkn

Networkn
32349 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1008162 18-Mar-2014 15:32
Send private message

Also of interest, if we put a Microtik in Wellington it gets full speed, and we have seen the following with draytek and microtik and Sonicwall that if WAN or LAN is connected at 100MB, then the max download speeds are only 6MB/s.



Oriphix
523 posts

Ultimate Geek


  #1008173 18-Mar-2014 15:44

Yeah we had the same issue it turned out to be that firewall. Customer was getting 30/10 when they paying for 100.

Tried a different firewall and its working at full speed now.

networkn

Networkn
32349 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1008179 18-Mar-2014 15:55
Send private message

Oriphix: Yeah we had the same issue it turned out to be that firewall. Customer was getting 30/10 when they paying for 100.

Tried a different firewall and its working at full speed now.


I suspect that is a different issue. Throughput is reduced signficantly when you enable gateway Antivirus/UTM Services. Our issue is related to latency I think.



Oriphix
523 posts

Ultimate Geek


  #1008186 18-Mar-2014 15:59

networkn:
Oriphix: Yeah we had the same issue it turned out to be that firewall. Customer was getting 30/10 when they paying for 100.

Tried a different firewall and its working at full speed now.


I suspect that is a different issue. Throughput is reduced signficantly when you enable gateway Antivirus/UTM Services. Our issue is related to latency I think.




It didn't make a difference in our case. We disabled the Gateway AV etc. Still had the same issue.

What model SonicWALL do you have?

networkn

Networkn
32349 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1008187 18-Mar-2014 15:59
Send private message

Oriphix:
networkn:
Oriphix: Yeah we had the same issue it turned out to be that firewall. Customer was getting 30/10 when they paying for 100.

Tried a different firewall and its working at full speed now.


I suspect that is a different issue. Throughput is reduced signficantly when you enable gateway Antivirus/UTM Services. Our issue is related to latency I think.




It didn't make a difference in our case. We disabled the Gateway AV etc. Still had the same issue.

What model SonicWALL do you have?


TZ105

Oriphix
523 posts

Ultimate Geek


  #1008193 18-Mar-2014 16:12

 

TZ105


That is strange indeed. According to the specs of the firewall your connection should max at 25 MB down.

Full DPI throughput2 25 Mbps

http://www.sonicwall.com/us/en/products/TZ-105.html#tab=specifications

If you wanted to get more close to a 100MB fibre then you need to get a bigger firewall like a NSA250M

However getting only 2.5 MB down is very low. I assume you are syncing at 100 on the modem?

networkn

Networkn
32349 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1008195 18-Mar-2014 16:18
Send private message

Oriphix:
 

TZ105


That is strange indeed. According to the specs of the firewall your connection should max at 25 MB down.

Full DPI throughput2 25 Mbps

http://www.sonicwall.com/us/en/products/TZ-105.html#tab=specifications

If you wanted to get more close to a 100MB fibre then you need to get a bigger firewall like a NSA250M

However getting only 2.5 MB down is very low. I assume you are syncing at 100 on the modem?




That 25MBit is only with all UTM services turned on, and in fact they are all off.  I have TZ100's getting 9.5MB/s download, and I would assume this would be able to do better. 

We did setup a PPPOE Server internally and could get over 9.5MB/s transferring from one side of the box to the other. 

 

 

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1008198 18-Mar-2014 16:29
Send private message

Is the Ethernet connection negotiating at 100 Full Duplex? 
 

 
 

Oriphix
523 posts

Ultimate Geek


  #1008204 18-Mar-2014 16:37

 
That 25MBit is only with all UTM services turned on, and in fact they are all off.  I have TZ100's getting 9.5MB/s download, and I would assume this would be able to do better. 

We did setup a PPPOE Server internally and could get over 9.5MB/s transferring from one side of the box to the other.   


So we have veeam replication happening to different sites and this is how ever have it configured.

its a bug even though SonicWALL won't admit it, when your connection is going from LAN to VPN the sonicwall still scans it with gateway AV on the WAN. (since you mentioned two sites I am assuming you have site to site VPN)



We have disabled all the scanning on the VPN.

Then on both sides (both the sonicwall AKL and WTGN) enable exclusions for the computer / server that you want to have full access. You will need to add the same IP address on both sides. 

E.g: if 192.168.0.50 AKL firewall then add the same IP to WTGN firewall and vise versa.




EDIT: I might have been wrong here reading your original post again. Your problem is not VPN file download its more just the sync / download at WTGN?

networkn

Networkn
32349 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1008205 18-Mar-2014 16:37
Send private message

sbiddle: Is the Ethernet connection negotiating at 100 Full Duplex? 
 

 
 


Yep. It's not a duplex issue as best we can tell. 

What was strange is when we used the microtik, it was connected to the ONT at 1Gbps, but the LAN was at 100Mbps (Intentionally) and we could still only get 6MB/s. Same as when the Sonicwall WAN/LAN was at 100Mbit. 

networkn

Networkn
32349 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1008208 18-Mar-2014 16:42
Send private message

Oriphix:
 
That 25MBit is only with all UTM services turned on, and in fact they are all off.  I have TZ100's getting 9.5MB/s download, and I would assume this would be able to do better. 

We did setup a PPPOE Server internally and could get over 9.5MB/s transferring from one side of the box to the other.   


So we have veeam replication happening to different sites and this is how ever have it configured.

its a bug even though SonicWALL won't admit it, when your connection is going from LAN to VPN the sonicwall still scans it with gateway AV on the WAN. (since you mentioned two sites I am assuming you have site to site VPN)



We have disabled all the scanning on the VPN.

Then on both sides (both the sonicwall AKL and WTGN) enable exclusions for the computer / server that you want to have full access. You will need to add the same IP address on both sides. 

E.g: if 192.168.0.50 AKL firewall then add the same IP to WTGN firewall and vise versa.




EDIT: I might have been wrong here reading your original post again. Your problem is not VPN file download its more just the sync / download at WTGN?




We DO have site to site VPN with another TZ105W in Auckland, however the problem is downloading from the WAN > LAN we aren't getting decent speeds. We might just TRY these settings in case of it's affecting it anyway. 

Thank you for taking these screenshots, very useful. 

BTR

BTR
1527 posts

Uber Geek


  #1009552 20-Mar-2014 08:29
Send private message

You haven't got inbound/outbound speed restrictions enabled on the WAN interface do you?

networkn

Networkn
32349 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1009789 20-Mar-2014 12:35
Send private message

BTR: You haven't got inbound/outbound speed restrictions enabled on the WAN interface do you?


Nope. 

I am wondering what sort of impact to total throughput a first hop of 12MS would have over the same connection with a first hop of 2ms?

Regs
4066 posts

Uber Geek

Trusted
Snowflake

  #1010229 20-Mar-2014 22:20
Send private message

as sbiddle suggests, it sounds like duplex issue. I've seen that happen before. half duplex 10mbps perhaps.  check *both* ends (if possible, ask ISP to check their end when connected) - it may 'say' 100auto on the sonicwall but be connected at 10half.

Coil
6614 posts

Uber Geek
Inactive user


  #1010232 20-Mar-2014 22:24
Send private message

networkn:
BTR: You haven't got inbound/outbound speed restrictions enabled on the WAN interface do you?


Nope. 

I am wondering what sort of impact to total throughput a first hop of 12MS would have over the same connection with a first hop of 2ms?


Latency wont directly affect throughput in this case. 
What happens with a different Gateway?

I think this is related to a Layer 3 delivery.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright