Speed Test Issues with DPI Enabled on SonicWall NSA 4700 nsa
sukarechhe
Newbie ✭
Hope everyone doing well here,
I am currently using a SonicWall NSA 4700 NSA with enabled. Recently, I have encountered a strange issue during speed tests. When I initiate the speed test, the download speed starts at around 999 Mbps but then gradually decreases to approximately 80-90 Mbps. The same behavior is observed with the upload speed.
Interestingly, when I disable DPI, the speed test results are consistent and perform as expected.
Has anyone in the community experienced a similar issue? I would appreciate any guidance on diagnosing and resolving this problem.
Category: Mid Range Firewalls
0
Answers
"when I disable DPI"
Do you mean you change the firewall to SPI only, or are you referring to DPI-SSL?
Thanks for reply @TKWITS - I mean "DPI-SSL"
Are you doing Gateway AV with 'TCP Stream' enabled? I have seen where that decimates speed test performance.
Otherwise open a ticket with support.
We experience the same issue with our 3700 series with DPI-SSL enabled, whether or not TCP Stream is enabled. I opened a ticket with support, their suggestions fail to fix our issue. When we upgraded to 7.1.2, DPI-SSL broke and they issued us firmware with the HF suffix (e.g. hot fix). I'm still waiting for the next firmware release and praying it fixes it. Today we wiped both units and reloaded the firmware, there was no change. We also have a 1GB WAN connection, with upload speed around 70-100 Mbps. Download is ~500Mbps with DPI-SSL enabled.
I'm very interested if you find a fix or they issue you a different firmware.
What was it like before 7.1.2?
It's disabled.
It was fine, I had to use SSO and that is why we had to upgrade version bcz there were issues with SSO services.
First I have upgraded to 7.0.* something but issue remain same so upgraded to 7.1.*
I think you need to open a ticket with Sonicwall about DPI-SSL performance regression with 7.1.2.
Yeah, already opened but still no resolution, so that someone can give input if anyone has experienced same issue.
Thanks everyone here who helped me, We have downgraded version to SonicOS 7.1.2-7019-R3835-HF50694 and issue resolved. Thanks again.
Did support give you any specific notes on the hotfix?
I'd just like to add a comment for anyone who runs across this article regarding FW version SonicOS 7.1.2-7019-R6288.
After installing 7.1.2 firmware at the recommendation of support for a site-to-site issue, I cannot add a URL to a URI list without our NSA4700 going into failover due to a "missed heartbeat" event. The stand-by unit picks things up, but of course there is a small outage.
I have been issued hot fix R3835-50694, which according to the original poster here, I am assuming was advised to fix an issue with 50694?
7.1.2 is the first time in a couple decades of admin'ing Sonicwall appliances that I have experienced significant issue with. It's garbage, and the posted version in mysonicwall.com is full of bugs, with no mention of these hotfixes.
You stated you downgraded to R3835-50694? What did you downgrade from?
I'm apprehensive to install R3835-50694, but I'm in a situation where I need to be able to add items to URI lists without the firewall doing a failover.
Since your downgrade, have things been stable, or have you discovered other bugs? Why did you go to the other hotfix that you downgraded from?
Thank you in advance for taking a moment to reply to my questions, appreciate it.