SonicWall Transfer Speeds

When transferring files from a LAN server to a LAN server we can achieve 100 MB/s. We can also achieve this speed when transferring from a DMZ server to a DMZ server. However, when we transfer from the LAN to the DMZ through the Sonicwall appliance, we average around 30 MB/s. We placed exclusions on the Sonicwall so that IPS and Content Filtering would not be an issue. We contacted Sonicwall and they stated that this is actually good speed. Has anyone else run into this? What speeds are you achieving? If this is normal I will stop searching but I am having a hard time believing it.
cadcollin Asked:
 
btan (Exec Consultant) Commented:
If we were to disable BWM for the sake of having QoS out of the picture, and if performance is the same, at least we isolate that "shaping" has nothing to do with the "slowness". Below is BWM info in case you want to drill deeper... too many parameters in QoS, e.g. Priority, Queuing, Max BW etc. Maybe good to isolate the issue (if it is an issue and not a norm, which we are putting as the premise at this moment).

http://help.sonicwall.com/help/sw/eng/6800/25/8/1/firewall_bwm.html

Some interesting tips on tuning performance

http://www.firewalls.com/blog/sonicwall-throughput/

Maybe a dashboard to see performance on the SonicWall may help while traffic is pumping across the interface, or doing some tcpdump... there is Viewpoint, which may provide “At-a-Glance” reporting on network metrics

http://www.sonicwallsecure.com/sonicwall-viewpoint
0
 
btan (Exec Consultant) Commented:
Looking at its spec, e.g. TZ 100, it has Stateful Throughput of 100 Mbps, which is mentioned to be the max performance based on RFC 2544 (for firewall). Actual performance may vary depending on network conditions and activated services. Actual maximum connection counts are lower when UTM services are enabled.

http://o-www.sonicwall.com/us/en/products/TZ_100.html#tab=specifications

Let's hope no WAN features are turned on by default or inadvertently. LAN tx using WAN opt will turn the table around. But in the blog, it does not seem like SonicWall is that much worse off... despite its DPI in a VPN setup. But one thing to note is that if the CPU is not high, it really should be doing nothing, and why such a proxy acting as middleman is bringing down the performance is really boggling.

http://www.techopsguys.com/2012/08/13/freakish-performance-with-site-to-site-vpn/


May not directly be on SonicWall, but thought of sharing. In past experience with network devices, they can support TCP opt - good. E.g. TCP BW opt algo such as Nagle (TCP sender end) that is supposed to reduce congestion by coalescing small send req into larger TCP segments. However, it can be unfriendly as it can reach deadlock with TCP D-ACK (another TCP opt algo at the receiver end) in place. Simply disable Nagle within LAN, but do see the link if it is of interest. Maybe SonicWall has such config...

http://blogs.msdn.com/b/windowsazurestorage/archive/2010/06/25/nagle-s-algorithm-is-not-friendly-towards-small-requests.aspx
http://www.stuartcheshire.org/papers/NagleDelayedAck/
0
 
Aaron Tomosky (SD-WAN Simplified) Commented:
If it's coming out the same port on the SonicWall, that also sounds about right. What port shield groups are configured and how is this all plugged in?

Even with exclusions, I assume the SonicWall is still an IDS and content filter for other stuff, otherwise you would just turn it off to test. So it's not like it's doing nothing else during these tests.
0

 
cadcollin (Author) Commented:
This is an NSA 4500. LAN and DMZ both have their own Gigabit interface. Routes were auto created by the Sonic OS. LAN has full egress to DMZ and the DMZ has the required ports forwarded in firewall rules. BWM has been turned off for these 2 interfaces and there are no QoS rules currently for testing.
0
 
Aaron Tomosky (SD-WAN Simplified) Commented:
What is doing the transfer to test? Is it something sensitive to latency to get good speeds? I've found that a quick and dirty FileZilla server/client with a large ISO or something is a great speed test.
0
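
A memory-to-memory TCP transfer takes disk and file-sharing protocol overhead out of a LAN-to-DMZ speed test, and a `nodelay` flag lets you compare runs with Nagle's algorithm on and off. This is an added example, not code from any poster in this thread; the function names and the loopback harness are assumptions, and for a real test `receive_once` would run on the DMZ host and `send_bulk` on the LAN host, addressed by IP.

```python
import socket
import threading
import time

def receive_once(listener):
    """Accept one connection, discard the data, return bytes received."""
    conn, _ = listener.accept()
    total = 0
    with conn:
        while chunk := conn.recv(1 << 16):
            total += len(chunk)
    return total

def send_bulk(addr, total_bytes, write_size=1 << 16, nodelay=False):
    """Send total_bytes from memory to addr; return (seconds, nodelay_in_effect)."""
    payload = b"\0" * write_size
    with socket.create_connection(addr, timeout=10) as s:
        if nodelay:
            # TCP_NODELAY turns Nagle's algorithm off for this socket only.
            s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
        in_effect = bool(s.getsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY))
        start = time.perf_counter()
        sent = 0
        while sent < total_bytes:
            n = min(write_size, total_bytes - sent)
            s.sendall(payload[:n])
            sent += n
        s.shutdown(socket.SHUT_WR)
        s.recv(1)  # returns b"" once the receiver has drained and closed
    return time.perf_counter() - start, in_effect

def loopback_run(total_bytes=8 * 1024 * 1024, write_size=1 << 16, nodelay=False):
    """Run receiver and sender in one process over 127.0.0.1 (constructed setup)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    result = {}
    t = threading.Thread(target=lambda: result.update(received=receive_once(listener)))
    t.start()
    seconds, in_effect = send_bulk(listener.getsockname(), total_bytes, write_size, nodelay)
    t.join()
    listener.close()
    return {"received": result["received"], "nodelay": in_effect,
            "MB_per_s": total_bytes / seconds / 1e6}

if __name__ == "__main__":
    for flag in (False, True):
        print(loopback_run(nodelay=flag))
```

Small `write_size` values (a few hundred bytes) are where the Nagle setting is most likely to show a difference; with 64 KiB writes the two runs should be close.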
 
Aaron Tomosky (SD-WAN Simplified) Commented:
Sorry for the split post: I wanted to add to make sure you are using the DMZ/LAN IPs. If you use DNS you could be going out the WAN and back in by accident.

E.g. if I hit my FTP server using its LAN IP from the LAN, I get good speeds (it doesn't go through the SonicWall). If I use its .com address it goes through the SonicWall and my speed cuts in half.
0
 
cadcollin (Author) Commented:
We have been testing both by direct IP and DNS name; each identical copy set has netted the reduced speed when passing through the SonicWall. I have been unable to qualify via SonicWall documentation if you must utilize QoS or BWM rules to actually achieve optimum throughput performance... Has anyone metered their speeds between interfaces on a comparable SonicWall product to see what they can reach? I have a ticket open with SonicWall but they have yet to update it in over several days now...
0
 
cadcollin (Author) Commented:
We were looking for a real live example of what others have experienced. Thank you for your time in trying to help solve this.
0
Question has a verified solution.
