Expected sslvpn/GVC throughput on Firewalls
RedNet
Enthusiast ✭✭
Just wondering if there are any datasheets on the throughput which should be expected on the Firewalls using Netextender (sslvpn), IPsec vpn (gvc) and LT2P.
Any official numbers from Swall and what are other peoples experiences? Any hint of the Gen 7 series offering more.
Personally, from TZ's up to NSa's I have never seen more than 20Mb up or down using iPerf testing, irrespective of bandwidth (or link type) on the remote users side and the WAN link on which the FW is publishing the sslvpn both being higher and quiet at the time of testing, and will push to an SMA if more is required.
I always got the impression SWall dont advertise the numbers because they want to push to SMA's.
Curious as to what other people have experienced...
Category: Mid Range Firewalls
0
Comments
Hi!
Yesterday night I did these tests with Netextender and GVC. I have used IPERF3 in all cases.
Syntax used for upload test: iperf3.exe -c XXX.XXX.XXX.XXX -t 30 -i 1 -P 10
Syntax used for download test: iperf3.exe -c XXX.XXX.XXX.XXX -t 30 -i 1 -P 10 -R
Tests between two Windows 10 with Netextender 10.2.292 and TZ300 SonicOS Enhanced 6.5.4.6-79n= 50Mbps upload / 50 Mbps download
Tests between two Windows 10 with GVC 4.10.4.0314 and TZ300 SonicOS Enhanced 6.5.4.6-79n= 98Mbps upload / 123 Mbps download
I hope this is useful for everybody!
I recommend this article to everyone that need to test throughput.
You can use it between interfaces and with GVC / Netextender to do some measures.
Thanks for the feedback Seb, funny I have tried on many firmware's over a number of fw models as I said and never seem to get those speeds, The NSv is the only platform I get decent speeds on. Good to know its possible, have you any devices on a lower firmware where you get similar speeds.
I have a test case TZ600 on 6.5.4.5-53n which I will upgrade to 6.5.4.6-79n and check, any bugs on 6.5.4.6-79n you have spotted?
BR,
Bernhard
Thanks, no need for mobile connect from Android devices on this site, so not an issue.
@RedNet I have had similar experiences. I had extensive conversations with various sonicwall engineers about it as well. Everyone I spoke to put in a good deal of effort to improve throughput and explain some of the reasons I don't get expected speeds, but ultimately I was not able to get anywhere. We went as far as doing a POC with the large SMA virtual appliance and even then, we could not get an real world scenarios with throughput over 15mpbs. Despite being assured that the design of the SMA avoided the bottlenecks the NSA line has with VPN throughput, the only time we exceeded 15mpbs and got to around 20mpbs was when the sales engineer built a vm in Azure and used the legacy SMA client. We ultimately went in a different direction(parallels) because of this and will be changing to another firewall provider when our service contract is up.
I found if "any" security services are enabled, the maximum bandwidth on any link, even across 10G links is about 350mb/sec. This was true for our old 3600 series as well as our latest 4650. I had to change the Security Services setting from "Maximum Security (recommended)" to "Performance Optimized". The instant I made the change, we were able to achieve near wire-speed throughput on all interfaces.