TZ 300 Internet Speed after reboot 230MB+, in approx 5 minutes speed drops to 90MB (+/-)
If you like challenges, this may be for you.
I have done this test several times as far back as 1 month ago: after rebooting the TZ 300, the speed is tested normally around 230MB of 250MB monthly plan. After 5-10 minutes speed drops to 85-90 MB on all PC devices. Hard wired or not. I have repeated this test multiple times.
I have followed every single instruction on the speed issues noted on the Sonicwall support site for the TZ 500 without success and other Sonicwall links such as:
We are not using a VPN of any type. This is a small office, only 2-3 computers running at a time and a NAS drive. All CAT 6 hard wired except a Surface tablet. The TZ 300 is the main router behind the modem. There are two other switches and also another Wireless router acting as an AP (not router - it feeds off the Sonicwall). I've rebooted all of these to no avail. When I connect a laptop directly to the modem I do get the 230+MB d/l speed. More LAN mapping info below.
What's been checked:
Turned off the NAS drive
Unplugged the Access Point which has wireless devices and other hard wired devices, no change.
Firmware - 126.96.36.199-53n May 2020 for the TZ 300
Using 3 different DNS servers in the TZ 300: OpenDNS is #1 about 1ms response, our ISP DNS is #2 and Google DNS is #3
WAN (X1) was changed from Auto to Manual 1Gig, no help on all X ports. I then got a bit more creative and changed 1Gig to 10 MB and then ran a speedtest, the result of which was 3.71MB. It should have been 10 MB or rather close. If we compare at 1Gig or at 10MB there is one commonality, about a 60% reduction in speed in both settings (230MB drops to roughly 90MB and then with X1 set to a 10MB setting, speed drops to 3.71MB). It would appear certainly something is throttling this router. I tested every reasonable MTU setting via command prompt from 1500 down to 1300 (our need is for Cable use, not DSL, ADSL or PPPoE). Wound up with 1474 (1446 + 20 + 8) which consistently had the shortest Avg Response time to both Google and Yahoo @ 18-19ms (tested both). Previously was set to 1404. The option Fragment Non-VPN is enabled and Ignore Don't fragment is unchecked. Multicast is On (I've toggled both on and off, no help).
Also, no Security Services are enabled except Base which is set to Performance Optimized.
BWM is set to None
Changed DPI to SPI Maximum, no luck.
PC Netcards are set to DHCP (no static for IP or DNS). All Network cards are set to 1 Gig Full Duplex or Auto detect (tried all combos), Power saving settings on cards are Disabled.
LOG - Name resolution is set to None
All FW rules have Allow Fragmented Packets checked both Default and Custom
Only 1 custom NAT rule exists for the NAS drive alone, all of the other NAT rules are default
I've also checked the Connection Logs, there's only 127 entries, not hundreds or thousands which could indicate a client system acting as a malicious server. All listed devices are proper and within our LAN
I have also tried every suggestion at this link: https://community.spiceworks.com/topic/1962415-tz300-only-getting-40mbps-throughput-supposed-to-be-100mbps
I can provide screen captures if that helps.
The Mapping info of our LAN is: Surfboard Cable modem -> Sonicwall -> goes to 8 port 1 gig switch -> goes to wall jacks and 1 other 4 port 1 gig switch and also a router acting as an Access point with DHCP enabled and WiFi 'on' (the WiFi on the TZ 300 leaves much to be desired).
Again, after a clean reboot of the TZ 300, speed is great for about 5 mins or so then the speed drops from 230MB to about 90MB. Any thoughts or other ideas greatly appreciated.
Welcome to SonicWall community.
It looks like you have already performed all the troubleshooting steps. But, I think this could be a hardware limitation. The full DPI throughput on this model is 100 Mbps. Even with all the security services turned OFF and it set to performance optimized, it still has the DPI engine running which can restrict the bandwidth to 100 Mbps.
You can switch to SPI mode from MANAGE | Firewall Settings | Advanced Settings and then selecting the radio button "Maximum SPI Connections (DPI services disabled)". This requires a firewall restart though.
I am attaching the datasheet for TZ series.
These are my thoughts, but if anyone else has anything else to add, please go ahead.
Technical Support Advisor, Premier Services
Another option which was Disabled: Zones|WAN|Configure|disabled Gateway AV and also Spyware options, this was of no help also.
I'm not sure if this is a feasible option for you, but if you can, try it out to narrow the issue down to hardware. Please perform a factory reset of the SonicWall box and test the speed on default settings. This can isolate the issue to Hardware or Settings (Configuration). If the issue remains on the factory default settings, it's evident that something is wrong with the box; otherwise it is a configuration issue.
It would be better for you to open a support case and get assistance on this to reach a resolution. If the device is under warranty and the support team finds the SonicWall to be defective, a replacement will be authorized.
Hope this helps...
Technical Support Advisor - Premier Services
Hey @Revup67 ,
There is no way you will get anywhere near 230MB+ with DPI.
The TZ300 is simply an outdated unit. We get excited if we get just 70Mbps with services on.
If you must get higher throughput the only way to get your performance up is to TURN OFF DPI. That is the reality.
The SonicWALL SonicOS is still great for SEPARATION at least, even with DPI off.
You could always resort to using Capture Client on your high value zones.
You might also consider trying the 188.8.131.52 release.
Halon and Saravan -
Thanks for the response. I will look into those options.
I did make one change today. I moved the cat 6 cable from X0 to X3 which feeds into all switches and the AP. Every client had improved throughput from 148MB to 180MB. After trying numerous speedtest.net servers, I am getting 148MB vs. 90MB on a hard wired desktop and on WiFi to a Surface tablet I am getting 180MB - consistently. There's possibly some contamination on the X0 port.
Oddly, when I try to configure the X3 port (either Auto-Negotiate or 1Gig) it remains on 100MB though. I am also unable to change the MTU from 1500 to the preferred 1368, and with all of this DPI was "enabled". I will revert to disabling DPI and pursue the firmware.
Might this lead you to any other suggestions? I doubt the unit is under warranty, it's just over 3 years old.
Halon5 - PS found this from a SonicWall web page (see below) - this might be something to be aware of when 'downgrading firmware' per the recommendation to try 184.108.40.206 firmware. Also, I can 100% confirm 230MB d/l speed for about 5-10 minutes on X0 port. No security services were on at the time or thereafter. DPI was 'on'.
"If an attempt to downgrade SonicWall firmware is performed, the lower firmware will be unable to recognize settings created on the higher version of firmware. As the SonicWall is not designed to perform such a downgrade, it will attempt to cram them into the lower firmware anyway. This will inevitably force settings for one engine, such as User Authentication, into a completely unrelated section of the configuration, such as the VPN engine, where none of these items make any sense.
Because of this, it is impossible for SonicWall to predict the behavior of the firewall, and therefore to support the device, after the configuration has gone through a direct downgrade of firmware."
Hiya @Revup67 ,
Agreed. You would need to set up from scratch on 220.127.116.11 and then we would recommend you back up the config at that level. Then roll-up / rollback won't be such a hassle.
We have actually rolled some TZ300's back to that 18.104.22.168 level for stability. The 6.5.4.x line is strewn with issues particularly around DPI-SSL.
We have also let some TZ300's Security Services lapse with the SonicOS 7.0 release pending. Then removing DPI just makes them "behave". You are then looking to the endpoint protection of course and sadly no reporting although that's pretty lame anyhow.
Best to your day!