NSA 3600 - slow bandwidth between two ports
mpoetz
Newbie ✭
Hello,
the problem with my NSA 3600 is the bandwidth between X6 (10.11.11.1) and X7 (10.11.12.1); I got a speed of 15-20 MB/s. These two ports are for separating the client and server subnets.
There are no restrictions between these two ports.
I tried the following points:
- new firmware
- security service setting set to performance optimized
- set the adapter speed to 1 Gbps instead of auto
- DPI service disabled
- set MTU of the two adapters from 1500 to 1468
- test with SMB and FTP protocol
I don't know what the problem is.
Does anybody have any ideas?
Thx a lot.
Best regards
Michael
Category: Mid Range Firewalls
Comments
Are your test devices directly connected to those interfaces or are there other devices in between? What are the specs of the test devices? You haven't given enough information.
Also, SMB is notoriously bandwidth-inefficient and is not a good test; look into iperf or its forks.
Hello and thanks for your answer.
For my test I connected 2 Lenovo notebooks (Intel Core i5 1,2 GHz, 8 GB RAM, Gigabit Ethernet Adapter, 256 GB SSD HD, Windows 10) directly to these 2 ports (X6, X7), with no other devices in between.
I tested the same with these 2 notebooks on my network switch, and there I got a throughput rate of 90 MB/s. So the notebooks have the requirements to transfer a higher throughput rate, I guess.
Thanks a lot.
Michael
Another vote for iperf. Even if you can max out a link with SMB, it would still be interesting to know what you get with iperf.
Hello,
I have now tested with iperf3 and the result is around 75 MB/s. This is nice, but why? What could be the problem with SMB or FTP? Security services?
Thanks a lot.
Michael
Turn off all the security services and re-test.
SMB is notorious for "bandwidth-delay product", so it is a poor choice for testing throughput, BUT that usually only applies with a high RTT, which presumably isn't an issue on your LAN, so it is probably the security services inspection slowing things down here.
Thanks for your fast answer. Is there a place where you can disable all security services? Or do I have to do it individually? Sorry, but I am a SonicWall newbie.
My provider is supporting me and disabled the security services, but there was no change. He wants to open a ticket now.
There probably is but it's easy enough to un-tick each one.
I know I am late to the party and you probably don't want to hear this - for our install at the head office we use a Cisco 2960X stack with SVIs to handle server and PC/user VLAN traffic. This is done at line rate as it's a hardware ASIC. Using a firewall (any vendor really), this will be handled in software/CPU on the firewall.
Unless there is a need to firewall those subnets, which by disabling all the features you seem to have done, move to Min full rate Layer 3 switch and let the firewall enforce the policies elsewhere.
2960x layer 2.5 :) not enough grunt to L3