Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

TZ-370 DPI-SSL slow performance

Hi,

our customer has an TZ-370 with the newest Firmware. Now he got a faster internet connection with 300 MBit/s download and 50 MBit/s upload and now we noticed that the throughput with activated DPI-SSL and Gateway-AV has gotten very bad.

With activated DPI-SSL, Gateway-AV and IPS, the TZ-370 only manages about 30 MBit/s download and 24 MBit/s upload in the single-stream speed test. In the multi-stream speed test, it is a bit faster with around 80 Mbit/s download and 35 Mbit/s upload.

Are these really "normal" throughput values or is a stronger firewall required here?

Category: Entry Level Firewalls
Reply

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Consider the data sheet says DPISSL throughput is 500 Mbps, but has a note saying "Threat Prevention/GatewayAV/Anti-Spyware/IPS throughput measured using industry standard Keysight HTTP performance test tools. Testing done with multiple flows through multiple port pairs. Threat Prevention throughput measured with Gateway AV, Anti-Spyware, IPS and Application Control enabled with DEFAULT FIREWALL SETTINGS." (Emphasis mine.)

    If you start actually USING the features you won't get that throughput. Two recommendations:

    Disabling GAV TCP Stream inspections will drastically increase your Speedtests with DPISSL enabled.

    Don't implement all the security features on anything less than the TZ570.

  • LarryLarry All-Knowing Sage ✭✭✭✭
  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Also, if you want to achieve the published figures then make sure you have use 4 interfaces as LANs and 4 as WANs, and split your traffic evenly across them ;-)

Sign In or Register to comment.