TZ-500 WAN port speed
JDrakes
Newbie ✭
Hello All,
I am hoping someone here can help, so I don't have to contact support. We currently have a TZ-500 in our main office and recently upgraded our fiber to 1Gb service. After setting the static IP and testing the speed, I am not getting anything over 100Mb down or up. I have tried the following.
Link Speed Auto Negotiate, and manually set it to 1Gb
Tried disabling IPS and DPI (just for testing purposes)
Found that MTU on the ISP device is set at 1514, Mine is set at 1500. Tried to set 1514 on my MTU last night, but cannot find the option to enable Jumbo Frames. Firmware is 6.5.4.5-53n. The Jumbo Frames option is not on my screen under Firewall Settings-Advanced Settings.
I am not sure what else could be limiting the speed of the throughput. I know it is possible that maybe this firewall is not meant to handle this type of throughput. Any suggestions?
Thanks
Answers
One thing I forgot to add is BWM is set to None.
Hi @JDrakes,
Thanks for being here. Hope you are safe and good.
Did you get chance to try all suggestions listed in the well known KB articles for bandwidth related problems with SonicWall?
Both these articles may have common suggestions and please be aware about the same.
Please try the suggestions. Hope the articles help isolate the issue.
Have a better day!!!
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Hey Saravanan,
Thanks for this. Yes I have gone through both of those articles to no avail.
Thanks
Hi @JDRAKES,
Sorry to hear that the articles didnt help.
The suggestions from those articles should help fixing the bandwidth issue but unfortunately, its something else on the SonicWall firewall causing it.
I think the issue needs live troubleshooting. The best way is to dial into our Support team and seek for real-time assistance to figure out firewall's software or hardware issue.
Have a better day!!!
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Hi @JDrakes ,
Please refer the link below for the maximum throughput through sonicwall with the security services enabled.
Firewall Inspection Throughput mentioned is when all the security services are disabled on the sonicwall and the Firewall is set to SPI mode .
Nevyaditha P
Technical Support Advisor, Premier Services
I thought that might be the case. This is a brand new cat6 internal network with brand new 1Gb switches.
@JDrakes ,
Can you check the Link speed on the Firewall port and also on the switch ?
Also, Can you confirm if you have performed the MTU Test ?
For the MTU test check the link below
Nevyaditha P
Technical Support Advisor, Premier Services
Hi @NEVYADITHA
I did look at the comparison and I still need to have DPI and the security services turned on for protection of our very sensitive data.
I am not sure I fully understand how the throughput numbers work in the comparison as it states different speeds for just 1 security service. If you have multiple security services running on the firewall does this compound and just keep slowing down the throughput? My CPU usage is pretty low on the firewall usually.
Link speed is manually set to 1Gb on both the firewall and switch.
I did find the MTU setting on the ISP device to be 1514, but mine is set at 1500 on the WAN interface. I am not sure that this will solve all my problems, but it might help. However for some reason in my firmware 6.5.4.5-53n I do not have the option to enable Jumbo Frames to set the MTU higher than 1500. Do you know why this might be?
I have put in a support ticket with support to try to live troubleshoot as well.
Thanks
@JDRAKES - Logging a support case should work better for resolution as the issue needs live troubleshooting.
Hope all is well with you!!!
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
@Saravanan1990_V @Nevyaditha Ok I figured it out. Under security settings I had "Maximum Security" set. Changing this to "Performance Optimized" allows the firewall to gain alot higher speeds. Now my question for you all is how much of a security risk is this to run the firewall in Performance Optimized mode vs. Maximum Security?
Thanks
Hi @JDrakes,
Great to hear that "Performance Optimized" did the trick.
Performance Optimized when set is going to inspect all content with a high or medium threat probability whereas Maximum Security inspects all contents with any threat probability (high/medium/low).
Basically, the risk probability is going to be low when using "Performance Optimized". This is because, the low priority threats/attacks are characterized more as informational events, such as various PING traffics, Scan, RPC, and SMTP traffics. In real-time, we recommend users to turn off or exclude resources that are communication critical in the low priority category inspection like IPS, Spyware, App Control, etc,. for seamless networking.
Hope this clarifies.
Have a better day!!!
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
@Saravanan1990_V @Nevyaditha
One last question. Do you know why I do not have the option to enable Jumbo Frames in Firewall Settings--Advanced Settings?
Thanks
@JDrakes,
Jumbo frame support is only available on NSA 3600 and above and on all Gen 6.5 NSa devices. Since this is a TZ 500 device I think you do not have that option available.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Hi @JDrakes ,
Thank you for the update that the "Performance optimization" option did help you.
Regarding the Jumbo Frames I agree with Shipra, The option is available only on NSA 3600 device and above with Firmware 6.2.X
Please let us know of you have any queries and we will be glad to help you.
Nevyaditha P
Technical Support Advisor, Premier Services
@JDrakes - As prescribed by @shiprasahu93 and @Nevyaditha, firewall TZ models are not capable of accepting Jumbo Frames. This is a limitation on the TZ side. NSA 3600 and all higher models support Jumbo Frames.
Hope this clarifies.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services