Solved

SonicWall Transfer Speeds

Posted on 2013-02-05
Last Modified: 2013-02-11
When transferring files from a LAN server to a LAN server we can achieve 100 MB/s. We can also achieve this speed when transferring from a DMZ server to a DMZ server. However, when we transfer from the LAN to the DMZ through the Sonicwall appliance, we average around 30 MB/s. We placed exclusions on the Sonicwall so that IPS and Content Filtering would not be an issue. We contacted Sonicwall and they stated that this is actually good speed. Has anyone else run into this? What speeds are you achieving? If this is normal I will stop searching but I am having a hard time believing it.
0
Question by:cadcollin

Assisted Solution

by:btan
btan earned 250 total points
Looking at its spec, e.g. TZ 100, it has Stateful Throughput of 100 Mbps, which is mentioned to be the max performance based on RFC 2544 (for firewalls). Actual performance may vary depending on network conditions and activated services. Actual maximum connection counts are lower when UTM services are enabled.

http://o-www.sonicwall.com/us/en/products/TZ_100.html#tab=specifications

Let's hope no WAN features are turned on by default or inadvertently. LAN tx using WAN opt will turn the table around. But in the blog, it does not seem like SonicWall is that badly off... despite its DPI in a VPN setup. But one thing to note is that if the CPU is not high, it really should be doing nothing, and why such a proxy acting as middleman is bringing down the performance is really boggling.

http://www.techopsguys.com/2012/08/13/freakish-performance-with-site-to-site-vpn/


May not directly be on SonicWall, but thought of sharing. In past experience with network devices, they can support TCP opt, which is good. E.g. TCP BW opt algos such as Nagle (TCP sender end), which is supposed to reduce congestion by coalescing small send requests into larger TCP segments. However, it can be unfriendly, as it can reach deadlock with TCP D-ACK (another TCP opt algo at the receiver end) in place. Simply disable Nagle within the LAN, but do see the links if it is of interest. Maybe SonicWall has such a config...

http://blogs.msdn.com/b/windowsazurestorage/archive/2010/06/25/nagle-s-algorithm-is-not-friendly-towards-small-requests.aspx
http://www.stuartcheshire.org/papers/NagleDelayedAck/
0
 

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 250 total points
If it's coming out the same port on the SonicWall, that also sounds about right. What port shield groups are configured and how is this all plugged in?

Even with exclusions, I assume the SonicWall is still an IDS and content filter for other stuff, otherwise you would just turn it off to test. So it's not like it's doing nothing else during these tests.
0
 

Author Comment

by:cadcollin
This is an NSA 4500. LAN and DMZ both have their own Gigabit interface. Routes were auto-created by SonicOS. LAN has full egress to DMZ and the DMZ has the required ports forwarded in firewall rules. BWM has been turned off for these 2 interfaces and there are no QoS rules currently for testing.
0
 

Expert Comment

by:Aaron Tomosky
What is doing the transfer to test? Is it something sensitive to latency to get good speeds? I've found that a quick and dirty FileZilla server/client with a large ISO or something is a great speed test.
0
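The two comments above raise Nagle's algorithm and the question of what tool is doing the test transfer. The following memory-to-memory TCP throughput probe is an added example, not code posted by anyone in this thread; it takes disk and file-sharing protocol overhead out of the measurement and lets Nagle be toggled per run. The function names and the loopback demo are assumptions made for illustration.

```python
import socket
import threading
import time

CHUNK = 64 * 1024  # bytes per send()/recv() call

def serve_once(listener):
    """Accept one connection; return (bytes_received, seconds) timed at the receiver."""
    conn, _ = listener.accept()
    total, start = 0, time.perf_counter()
    with conn:
        while True:
            data = conn.recv(CHUNK)
            if not data:              # sender closed: transfer complete
                break
            total += len(data)
    return total, time.perf_counter() - start

def send_bytes(host, port, total_bytes, nodelay=False):
    """Stream total_bytes of zeros from memory to host:port; return bytes sent."""
    payload = bytes(CHUNK)
    with socket.create_connection((host, port)) as s:
        if nodelay:
            # TCP_NODELAY disables Nagle's algorithm on this socket
            s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
        sent = 0
        while sent < total_bytes:
            n = min(CHUNK, total_bytes - sent)
            s.sendall(payload[:n])
            sent += n
    return sent

def loopback_run(total_bytes, nodelay=False):
    """Constructed demo: both ends in one process over 127.0.0.1; return (bytes, MB/s)."""
    listener = socket.create_server(("127.0.0.1", 0))  # port 0: OS picks a free port
    port = listener.getsockname()[1]
    result = {}
    t = threading.Thread(target=lambda: result.update(rx=serve_once(listener)))
    t.start()
    send_bytes("127.0.0.1", port, total_bytes, nodelay)
    t.join()
    listener.close()
    received, seconds = result["rx"]
    return received, received / max(seconds, 1e-9) / 1e6

if __name__ == "__main__":
    for nodelay in (False, True):
        got, rate = loopback_run(256 * 1024 * 1024, nodelay)
        print(f"nodelay={nodelay}: {got} bytes at {rate:.0f} MB/s")
```

For a LAN-to-DMZ measurement, run `serve_once` on a listener on the DMZ host and `send_bytes` from the LAN host, on a port the firewall rules already permit, then compare against a same-segment run.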

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 250 total points
Sorry for the split post: I wanted to add to make sure you are using the DMZ/LAN IPs. If you use DNS you could be going out the WAN and back in on accident.

E.g. if I hit my FTP server using its LAN IP from the LAN, I get good speeds (it doesn't go through the SonicWall). If I use its .com address it goes through the SonicWall and my speed cuts in half.
0
 

Author Comment

by:cadcollin
We have been testing both by direct IP and DNS name; each identical copy set has netted the reduced speed when passing through the SonicWall. I have been unable to qualify via SonicWall documentation if you must utilize QoS or BWM rules to actually achieve optimum throughput performance... Has anyone metered their speeds between interfaces on a comparable SonicWall product to see what they can reach? I have a ticket open with SonicWall but they have yet to update it in over several days now...
0
 

Accepted Solution

by:
btan earned 250 total points
If we were to disable BWM for the sake of having QoS out of the picture, and if performance is the same, at least we isolate that "shaping" has nothing to do with the "slowness". Below is BWM info in case you want to drill deeper... too many parameters in QoS, e.g. Priority, Queuing, Max BW etc... maybe good to isolate the issue (if it is an issue and not a norm, which we are putting as the premise at this moment).

http://help.sonicwall.com/help/sw/eng/6800/25/8/1/firewall_bwm.html

Some interesting tips on tuning performance

http://www.firewalls.com/blog/sonicwall-throughput/

Maybe a dashboard to see performance on the SonicWall may help while traffic is pumping across the interface, or doing some tcpdump... there is ViewPoint, which may provide "At-a-Glance" reporting on network metrics.

http://www.sonicwallsecure.com/sonicwall-viewpoint
0
 

Author Closing Comment

by:cadcollin
We were looking for a real live example of what others have experienced. Thank you for your time in trying to help solve this.
0
