Solved

SonicWALL TZ 210N Killing Internet Performance

Posted on 2013-05-17
7
884 Views
Last Modified: 2013-11-29
Hi folks!

We use a SonicWALL TZ 210N as our router, firewall, and content filtering/intrusion prevention system. Basically, everything at the boundary between us and the Internet.

Overall, I've been satisfied with the level of security it has provided. However, Internet performance has left something to be desired, both in terms of the raw speeds we are seeing and also in that we see downloads of all types frequently stalling and having to be restarted multiple times.

Reading online, I have found many people who have encountered these issues with SonicWALL's Gateway Anti-Virus, content filtering, and intrusion prevention services. So, as a test, I disabled all of those and, voila, our speeds nearly doubled and no more stalls. But our network is also wide open.

Short of "dump the SonicWALL, buy something else," which is not really an option for us at this moment, does anyone have experience with this problem and suggestions how to get better performance out of this environment?

Thanks,
Ithizar
0
Comment
Question by:Ithizar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 15

Expert Comment

by:ZabagaR
ID: 39175941
You can set up exception rules in SonicWALL's Gateway Anti-Virus, content filtering, IPs.
I've had the same expience as you, slow with it all running. If there are certain destinations and/or ports you know are safe, make an exception rule.
0
 

Author Comment

by:Ithizar
ID: 39175950
Thanks, but this is so general, it would be difficult to deal with it using exception rules. It really is impacting virtually all use of the Internet, particular whenever anything is being downloaded.
0
 
LVL 15

Expert Comment

by:ZabagaR
ID: 39176095
Can you tell which of the security services is causing the most performance hit? Maybe disable each one at a time and see which one impacts you the greatest. From there, you can tune each service a bit so it's not as aggressive. There's the "low" "medium" "high" settings or you can choose to only use the scans on the WAN interface and leave LAN alone.
Aside from the settings on those config screens, I think that's pretty much it inside "Security Services".
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:Ithizar
ID: 39176177
I've been trying a test today with the same download over and over again -- the installer for GIMP, as it happens. If I disable Gateway AntiVirus, IPS, Anti-Spyware, and Content Filtering, I can consistently get good download speeds and no stalls. If I enable any one or more of those services, the downloads consistently stall and have to be restarted, as well as running at overall slower speeds.

I have seen several posts around the Interwebs like the following one that suggest changing a couple of key settings in the diagnostics mode of the SonicWALL. The two in particular that seem to be recommended again and again are "Enable enforcement of a limit on maximum allowed advertised TCP window with any DPI-based service enabled" and "Set a limit on maximum allowed advertised TCP window with any DPI-based service enabled (KBytes)." Many users report changing those settings solved their issues. But on our SonicWALL, in the diagnostic mode page, I can't find those two particular settings. Perhaps a setting not configurable on the TZ 210?

Example link:
http://www.acumen-corp.com/Blog/tabid/298/entryid/16/Sonicwall-Gateway-Antivirus-Security-causes-slow-and-failed-downloads.aspx
0
 
LVL 20

Expert Comment

by:carlmd
ID: 39177283
On the "Security Services" -> Summary page there is a setting for "Security Services Settings",
make sure that is set to "Performance Optimized".

Also turn off only "Content Filter" and see how much of a difference that makes.
0
 
LVL 15

Accepted Solution

by:
ZabagaR earned 500 total points
ID: 39178683
Before making changes on the diag page, you should open a support call with Dell Sonicwall and ask for their input regarding your problem.
0
 

Author Comment

by:Ithizar
ID: 39220696
I have an active support case with Dell. So far, the farthest they've gotten is having me update my firmware. It was woefully out of date, but updating it has made no difference.

Further, I've tried the suggested route of switching to Performance Optimized settings with no change, and disabling only the Content Filter doesn't seem to fix the problem either.

Thanks.
0

Featured Post

Ready to get started with anonymous questions?

It's easy! Check out this step-by-step guide for asking an anonymous question on Experts Exchange.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Liquid Web and Plesk discuss how to simplify server management with a single tool  in their webinar.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question