Solved

SonicWall Transfer Speeds

Posted on 2013-02-05
921 Views
Last Modified: 2013-02-11
When transferring files from a LAN server to a LAN server we can achieve 100 MB/s. We can also achieve this speed when transferring from a DMZ server to a DMZ server. However, when we transfer from the LAN to the DMZ through the Sonicwall appliance, we average around 30 MB/s. We placed exclusions on the Sonicwall so that IPS and Content Filtering would not be an issue. We contacted Sonicwall and they stated that this is actually good speed. Has anyone else run into this? What speeds are you achieving? If this is normal I will stop searching but I am having a hard time believing it.
0
Question by:cadcollin
8 Comments
 
LVL 63

Assisted Solution

by:btan
btan earned 250 total points
ID: 38859030
Looking at its spec, e.g. TZ 100, it has Stateful Throughput of 100 Mbps, which is mentioned to be the max performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. Actual maximum connection counts are lower when UTM services are enabled.

http://o-www.sonicwall.com/us/en/products/TZ_100.html#tab=specifications

Let's hope no WAN features are turned on by default or inadvertently. LAN tx using WAN opt will turn the table around. But in the blog, it does not seem like SonicWall is that worse off... despite its DPI in a VPN setup. But one thing to note is if the CPU is not high, it really should be doing nothing, and why such a proxy acting as middleman is bringing down the performance is really boggling.

http://www.techopsguys.com/2012/08/13/freakish-performance-with-site-to-site-vpn/


May not directly be on SonicWall, but thought of sharing. In past experience on network devices, they can support TCP opt - good. E.g. TCP BW opt algo such as Nagle (TCP sender end) that is supposed to reduce congestion by coalescing small send req into larger TCP segments. However, it can be not friendly as it can reach deadlock with TCP D-ACK (another TCP opt algo in receiver end) in place. Simply disable Nagle within LAN but do see the link if it is of interest. Maybe SonicWall has such config...

http://blogs.msdn.com/b/windowsazurestorage/archive/2010/06/25/nagle-s-algorithm-is-not-friendly-towards-small-requests.aspx
http://www.stuartcheshire.org/papers/NagleDelayedAck/
0
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 250 total points
ID: 38859760
If it's coming out the same port on the SonicWall, that also sounds about right. What port shield groups are configured and how is this all plugged in?

Even with exclusions, I assume the SonicWall is still an IDS and content filter for other stuff, otherwise you would just turn it off to test. So it's not like it's doing nothing else during these tests.
0
 

Author Comment

by:cadcollin
ID: 38859825
This is an NSA 4500. LAN and DMZ both have their own Gigabit interface. Routes were auto created by the Sonic OS. LAN has full egress to DMZ and the DMZ has the required ports forwarded in firewall rules. BWM has been turned off for these 2 interfaces and there are no QOS rules currently for testing.
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 38859926
What is doing the transfer to test? Is it something sensitive to latency to get good speeds? I've found that a quick and dirty FileZilla server/client with a large ISO or something is a great speed test.
0
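Added example, not part of the original thread: a minimal raw-TCP throughput probe of the kind suggested above (one large stream, no file-sharing protocol overhead), with an optional `TCP_NODELAY` toggle for the Nagle question raised earlier. The function names, chunk size and loopback address are assumptions made for illustration.

```python
import socket
import threading
import time

CHUNK = 64 * 1024  # bytes per send; large writes keep per-request chatter out of the result


def sink(listener, result):
    """Receiver side: accept one connection and count bytes until the sender closes."""
    conn, _ = listener.accept()
    total = 0
    with conn:
        while True:
            data = conn.recv(CHUNK)
            if not data:
                break
            total += len(data)
    result["received"] = total


def measure(host, port, total_bytes, nodelay=False):
    """Sender side: stream total_bytes and return (bytes_sent, MB/s, nodelay_in_effect)."""
    payload = b"\0" * CHUNK
    sent = 0
    with socket.create_connection((host, port)) as s:
        if nodelay:
            s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)  # disable Nagle
        flag = bool(s.getsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY))
        start = time.perf_counter()
        while sent < total_bytes:
            n = min(CHUNK, total_bytes - sent)
            s.sendall(payload[:n])
            sent += n
        s.shutdown(socket.SHUT_WR)
        s.recv(1)  # returns once the receiver has drained everything and closed
        elapsed = time.perf_counter() - start
    return sent, sent / elapsed / 1e6, flag


def run_loopback(total_bytes=32 * 1024 * 1024, nodelay=False):
    """Self-test on 127.0.0.1 (constructed setup); returns (sent, received, MB/s, flag)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    result = {}
    t = threading.Thread(target=sink, args=(listener, result))
    t.start()
    sent, mbps, flag = measure("127.0.0.1", listener.getsockname()[1], total_bytes, nodelay)
    t.join()
    listener.close()
    return sent, result["received"], mbps, flag


if __name__ == "__main__":
    for nd in (False, True):
        sent, got, mbps, flag = run_loopback(nodelay=nd)
        print(f"TCP_NODELAY={flag}: {got} of {sent} bytes, {mbps:.0f} MB/s")
```

To measure through the firewall, run `sink` on a listener bound on the DMZ host and call `measure` from the LAN host against the DMZ host's IP, then repeat within one subnet for the baseline.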
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 250 total points
ID: 38859944
Sorry for the split post: I wanted to add to make sure you are using the DMZ/LAN IPs. If you use DNS you could be going out the WAN and back in on accident.

E.g. if I hit my FTP server using its LAN IP from the LAN, I get good speeds (it doesn't go through the SonicWall). If I use its .com address it goes through the SonicWall and my speed cuts in half.
0
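Added example, not part of the original thread: a small check for the point above, classifying which path a test transfer takes based on the address the target actually resolves to. The zone subnets and the resolved addresses are constructed sample values; in practice feed it the output of a DNS lookup from the test client.

```python
import ipaddress

# Constructed sample zones; substitute the subnets bound to the firewall's interfaces.
ZONES = {
    "LAN": ipaddress.ip_network("192.168.10.0/24"),
    "DMZ": ipaddress.ip_network("172.16.50.0/24"),
}

# RFC 1918 ranges, checked explicitly so documentation addresses count as public here.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def zone_of(addr, zones=ZONES):
    """Return the name of the zone whose subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in zones.items():
        if ip in net:
            return name
    return None


def classify_path(src, dst, zones=ZONES):
    """Describe the path a transfer from src to dst takes relative to the firewall."""
    src_zone, dst_zone = zone_of(src, zones), zone_of(dst, zones)
    if src_zone is None:
        return "unknown source zone"
    if dst_zone == src_zone:
        return f"switched inside {src_zone}; firewall not in path"
    if dst_zone is not None:
        return f"routed {src_zone} -> {dst_zone} through the firewall"
    if any(ipaddress.ip_address(dst) in net for net in RFC1918):
        return "private address outside known zones; check routing"
    return f"public address; {src_zone} traffic goes out the WAN side and back in"


def check_targets(src, resolved, zones=ZONES):
    """resolved maps each name or IP used in a test to the addresses it resolves to."""
    return {name: [classify_path(src, a, zones) for a in addrs]
            for name, addrs in resolved.items()}


if __name__ == "__main__":
    # Constructed lookups: one public name, one DMZ IP, one same-subnet host.
    sample = {
        "ftp.example.com": ["203.0.113.20"],
        "172.16.50.20": ["172.16.50.20"],
        "fileserver.lan": ["192.168.10.30"],
    }
    for name, paths in check_targets("192.168.10.5", sample).items():
        print(name, "->", paths)
```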
 

Author Comment

by:cadcollin
ID: 38861226
We have been testing both by direct IP and DNS name; each identical copy set has netted the reduced speed when passing through the SonicWall. I have been unable to qualify via SonicWall documentation if you must utilize QOS or BWM rules to actually achieve optimum throughput performance... Has anyone metered their speeds between interfaces on a comparable SonicWall product to see what they can reach? I have a ticket open with SonicWall but they have yet to update it in over several days now...
0
 
LVL 63

Accepted Solution

by:btan
btan earned 250 total points
ID: 38862291
If we were to disable BWM for the sake of having QoS out of the picture, and if performance is the same, at least we isolate that "shaping" has nothing to do with the "slowness". Below is BWM info in case you want to drill deeper... too many parameters in QoS, e.g. Priority, Queuing, Max BW etc... maybe good to isolate the issue (if it is an issue and not a norm that we are putting as premise at this moment).

http://help.sonicwall.com/help/sw/eng/6800/25/8/1/firewall_bwm.html

Some interesting tips on tuning performance

http://www.firewalls.com/blog/sonicwall-throughput/

Maybe dashboard to see performance on sonicwall may help while traffic is pumping across the interface or doing some tcpdump... there is Viewpoint which may provide “At-a-Glance” reporting on network metrics

http://www.sonicwallsecure.com/sonicwall-viewpoint
0
 

Author Closing Comment

by:cadcollin
ID: 38877216
We were looking for a real live example of what others have experienced. Thank you for your time in trying to help solve this.
0

Question has a verified solution.