Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

TZ-500 WAN port speed

Hello All,

I am hoping someone here can help, so I don't have to contact support. We currently have a TZ-500 in our main office and recently upgraded our fiber to 1Gb service. After setting the static IP and testing the speed, I am not getting anything over 100Mb down or up. I have tried the following.

Link Speed Auto Negotiate, and manually set it to 1Gb

Tried disabling IPS and DPI (just for testing purposes)

Found that MTU on the ISP device is set at 1514, Mine is set at 1500. Tried to set 1514 on my MTU last night, but cannot find the option to enable Jumbo Frames. Firmware is 6.5.4.5-53n. The Jumbo Frames option is not on my screen under Firewall Settings-Advanced Settings.


I am not sure what else could be limiting the speed of the throughput. I know it is possible that maybe this firewall is not meant to handle this type of throughput. Any suggestions?


Thanks

Category: Entry Level Firewalls
Reply

Answers

  • JDrakesJDrakes Newbie ✭

    One thing I forgot to add is BWM is set to None.

  • SaravananSaravanan Moderator

    Hi @JDrakes,

    Thanks for being here. Hope you are safe and good.

    Did you get chance to try all suggestions listed in the well known KB articles for bandwidth related problems with SonicWall?

    Both these articles may have common suggestions and please be aware about the same.

    Please try the suggestions. Hope the articles help isolate the issue.

    Have a better day!!!

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • JDrakesJDrakes Newbie ✭

    Hey Saravanan,


    Thanks for this. Yes I have gone through both of those articles to no avail.


    Thanks

  • SaravananSaravanan Moderator

    Hi @JDRAKES,

    Sorry to hear that the articles didnt help.

    The suggestions from those articles should help fixing the bandwidth issue but unfortunately, its something else on the SonicWall firewall causing it.

    I think the issue needs live troubleshooting. The best way is to dial into our Support team and seek for real-time assistance to figure out firewall's software or hardware issue.

    Have a better day!!!

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • NevyadithaNevyaditha Moderator

    Hi @JDrakes ,

    Please refer the link below for the maximum throughput through sonicwall with the security services enabled.

    Firewall Inspection Throughput mentioned is when all the security services are disabled on the sonicwall and the Firewall is set to SPI mode .


    Nevyaditha P

    Technical Support Advisor, Premier Services

  • JDrakesJDrakes Newbie ✭

    I thought that might be the case. This is a brand new cat6 internal network with brand new 1Gb switches.

  • NevyadithaNevyaditha Moderator

    Nevyaditha P

    Technical Support Advisor, Premier Services

  • JDrakesJDrakes Newbie ✭

    Hi @NEVYADITHA 


    I did look at the comparison and I still need to have DPI and the security services turned on for protection of our very sensitive data.

    I am not sure I fully understand how the throughput numbers work in the comparison as it states different speeds for just 1 security service. If you have multiple security services running on the firewall does this compound and just keep slowing down the throughput? My CPU usage is pretty low on the firewall usually.


    Link speed is manually set to 1Gb on both the firewall and switch.


    I did find the MTU setting on the ISP device to be 1514, but mine is set at 1500 on the WAN interface. I am not sure that this will solve all my problems, but it might help. However for some reason in my firmware 6.5.4.5-53n I do not have the option to enable Jumbo Frames to set the MTU higher than 1500. Do you know why this might be?


    I have put in a support ticket with support to try to live troubleshoot as well.


    Thanks

  • SaravananSaravanan Moderator

    @JDRAKES - Logging a support case should work better for resolution as the issue needs live troubleshooting.

    Hope all is well with you!!!

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • JDrakesJDrakes Newbie ✭

    @Saravanan1990_V @Nevyaditha Ok I figured it out. Under security settings I had "Maximum Security" set. Changing this to "Performance Optimized" allows the firewall to gain alot higher speeds. Now my question for you all is how much of a security risk is this to run the firewall in Performance Optimized mode vs. Maximum Security?


    Thanks

  • SaravananSaravanan Moderator

    Hi @JDrakes,

    Great to hear that "Performance Optimized" did the trick.

    Performance Optimized when set is going to inspect all content with a high or medium threat probability whereas Maximum Security inspects all contents with any threat probability (high/medium/low).

    Basically, the risk probability is going to be low when using "Performance Optimized". This is because, the low priority threats/attacks are characterized more as informational events, such as various PING traffics, Scan, RPC, and SMTP traffics. In real-time, we recommend users to turn off or exclude resources that are communication critical in the low priority category inspection like IPS, Spyware, App Control, etc,. for seamless networking.

    Hope this clarifies.

    Have a better day!!!

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • JDrakesJDrakes Newbie ✭

    @Saravanan1990_V @Nevyaditha

    One last question. Do you know why I do not have the option to enable Jumbo Frames in Firewall Settings--Advanced Settings?


    Thanks

  • shiprasahu93shiprasahu93 Moderator

    @JDrakes,

    Jumbo frame support is only available on NSA 3600 and above and on all Gen 6.5 NSa devices. Since this is a TZ 500 device I think you do not have that option available.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • NevyadithaNevyaditha Moderator

    Hi @JDrakes ,

    Thank you for the update that the "Performance optimization" option did help you.

    Regarding the Jumbo Frames I agree with Shipra, The option is available only on NSA 3600 device and above with Firmware 6.2.X

    Please let us know of you have any queries and we will be glad to help you.

    Nevyaditha P

    Technical Support Advisor, Premier Services

  • SaravananSaravanan Moderator

    @JDrakes - As prescribed by @shiprasahu93 and @Nevyaditha, firewall TZ models are not capable of accepting Jumbo Frames. This is a limitation on the TZ side. NSA 3600 and all higher models support Jumbo Frames.

    Hope this clarifies.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

Sign In or Register to comment.