Solved

SonicWALL TZ 210N Killing Internet Performance

Posted on 2013-05-17
7
844 Views
Last Modified: 2013-11-29
Hi folks!

We use a SonicWALL TZ 210N as our router, firewall, and content filtering/intrusion prevention system. Basically, everything at the boundary between us and the Internet.

Overall, I've been satisfied with the level of security it has provided. However, Internet performance has left something to be desired, both in terms of the raw speeds we are seeing and also in that we see downloads of all types frequently stalling and having to be restarted multiple times.

Reading online, I have found many people who have encountered these issues with SonicWALL's Gateway Anti-Virus, content filtering, and intrusion prevention services. So, as a test, I disabled all of those and, voila, our speeds nearly doubled and no more stalls. But our network is also wide open.

Short of "dump the SonicWALL, buy something else," which is not really an option for us at this moment, does anyone have experience with this problem and suggestions how to get better performance out of this environment?

Thanks,
Ithizar
0
Comment
Question by:Ithizar
  • 3
  • 3
7 Comments
 
LVL 15

Expert Comment

by:ZabagaR
ID: 39175941
You can set up exception rules in SonicWALL's Gateway Anti-Virus, content filtering, IPs.
I've had the same expience as you, slow with it all running. If there are certain destinations and/or ports you know are safe, make an exception rule.
0
 

Author Comment

by:Ithizar
ID: 39175950
Thanks, but this is so general, it would be difficult to deal with it using exception rules. It really is impacting virtually all use of the Internet, particular whenever anything is being downloaded.
0
 
LVL 15

Expert Comment

by:ZabagaR
ID: 39176095
Can you tell which of the security services is causing the most performance hit? Maybe disable each one at a time and see which one impacts you the greatest. From there, you can tune each service a bit so it's not as aggressive. There's the "low" "medium" "high" settings or you can choose to only use the scans on the WAN interface and leave LAN alone.
Aside from the settings on those config screens, I think that's pretty much it inside "Security Services".
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:Ithizar
ID: 39176177
I've been trying a test today with the same download over and over again -- the installer for GIMP, as it happens. If I disable Gateway AntiVirus, IPS, Anti-Spyware, and Content Filtering, I can consistently get good download speeds and no stalls. If I enable any one or more of those services, the downloads consistently stall and have to be restarted, as well as running at overall slower speeds.

I have seen several posts around the Interwebs like the following one that suggest changing a couple of key settings in the diagnostics mode of the SonicWALL. The two in particular that seem to be recommended again and again are "Enable enforcement of a limit on maximum allowed advertised TCP window with any DPI-based service enabled" and "Set a limit on maximum allowed advertised TCP window with any DPI-based service enabled (KBytes)." Many users report changing those settings solved their issues. But on our SonicWALL, in the diagnostic mode page, I can't find those two particular settings. Perhaps a setting not configurable on the TZ 210?

Example link:
http://www.acumen-corp.com/Blog/tabid/298/entryid/16/Sonicwall-Gateway-Antivirus-Security-causes-slow-and-failed-downloads.aspx
0
 
LVL 20

Expert Comment

by:carlmd
ID: 39177283
On the "Security Services" -> Summary page there is a setting for "Security Services Settings",
make sure that is set to "Performance Optimized".

Also turn off only "Content Filter" and see how much of a difference that makes.
0
 
LVL 15

Accepted Solution

by:
ZabagaR earned 500 total points
ID: 39178683
Before making changes on the diag page, you should open a support call with Dell Sonicwall and ask for their input regarding your problem.
0
 

Author Comment

by:Ithizar
ID: 39220696
I have an active support case with Dell. So far, the farthest they've gotten is having me update my firmware. It was woefully out of date, but updating it has made no difference.

Further, I've tried the suggested route of switching to Performance Optimized settings with no change, and disabling only the Content Filter doesn't seem to fix the problem either.

Thanks.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now