Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

High CPU with DPI-SSL

Hi,

I experiencing CPU bottleneck with DPI-SSL on TZ300W and TZ400, that cause issue on VOIP and slowdown on RDP Thru Site-to-Site VPN.

I will like to know if everybody got that.

You must exclude only Bank on DPI-SSL, all service is activated in DPI-SSL inspection. (also do not limit the MAX Connection of DPI-SSL, leave as default=25000)

To see the Issue, you take some PC (like 2 to 6).

You have to set 3 default start page on each PC. (Msn.com, Yahoo.com, YouTube.com)

Then you start EDGE on all computer at the same time. Then the CPU go Full High, then you got VOIP issue and slowdown on RDP thru VPN.

FW: 6.5.4.5-53n--HF222458-6n but I have see that also on most older firmware

Category: Entry Level Firewalls
Reply
Tagged:

Answers

  • shiprasahu93shiprasahu93 Moderator

    Hello @Peterbob9,

    I checked internally based on the DTS# 222458 and yes we have a few customers seeing this problem across different platforms. We have taken care of major DPI SSL related problems on 6.5.4.5 based on HF versions but all of that is getting consolidated and scheduled to be fixed in the next release 6.5.4.6.

    This version is already in beta and would be web-posted pretty soon. So, please stay tuned for that.

    I would also like to add that while using DPI SSL, the firewall needs to perform SSL proxy for any SSL connection on any port increasing the CPU usage and we had a substantial growth on the number of connections that we would support on the 6.5 era.

    We are already working on this and you should be able to test it out pretty soon on the 6.5.4.6 version.

    Thanks and have a good one!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • shiprasahu93shiprasahu93 Moderator
    edited May 29

    Hello @Peterbob9,

    6.5.4.6-79n is webposted as a maintenance release. I am attaching the release noted for your reference.

    Also, attaching the KB for firmware upgrade procedure.

    Feel free to test it out and let us know how it goes!

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Peterbob9Peterbob9 Newbie ✭

    Thanks, Yes.

    I already install it in 1X TZ400 Yesterday.

    But I didn't have time to make test on it, I should do it, this weekend.

  • shiprasahu93shiprasahu93 Moderator

    Perfect! Let us know how it goes!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @Peterbob9

    check my tests, running on a TZ 400 as well, do your results differ?

    --Michael@BWC

  • Peterbob9Peterbob9 Newbie ✭

    Hi Jason_Faiferlick,


    I have test it on my only one TZ400 (6.5.4.6-79n) on ISP 30/30 Internet Speed.

     Because I already don’t have no more than 30 mb ISP connection on my TZ400

    I will not be able to compare with you.

     

    But I see that with DPI-SSL activated (and all other security service activated)

    Doing Speed test make my CPU go to 70% on 3 core.

    Without DPI-SSL, CPU goes on 20% on 3 core.

     

    And this test was done on, ONLY ONE COMPUTER.


    I will test this soon in TZ300W with higher internet speed.

Sign In or Register to comment.