• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 490
  • Last Modified:

Sonicwall Wireless high latency

We have been a Sonicwall reseller for a long time and have always been less than impressed with their "enterprise wireless" solution.  It requires lots of configuration (in comparison to a simple unmanaged AP like a stock Netgear) to get simple traffic going between the WLAN and the LAN.  It is also prone to dropped packets and extremely high latency (again compared to a basic Netgear plugged into the switch).  The "most seamless" implementation of Sonicwall wireless comes on the TZ series routers with built in wireless when you bridge the WLAN and the X0 interface so that they share a single IP scope, but even then the ping times are not really as good as you would expect.

I loaded the latest firmware (5.9.x) on a TZ 215 and was pleased to find that it now supports the ability to bridge a single VLAN for the secure wifi to the X0 (LAN) interface.  This was not an option on 5.8.x and earlier unless the router was using built-in wifi (no sonicpoints).  When I saw this option, I said "yes, we can finally overcome all of the NETBIOS broadcast challenges and other issues by having a single bridged network".  Not so much.

Sonicwall insists that this is a bad idea from a security standpoint but that is not the scope of this query so please don't press that issue.  From a strictly technical standpoint, this configuration should work just like a basic AP on the LAN switch.  It doesn't.  After 1m+ pings, the packet loss is acceptable (~50 packets per 100k which is not even as good as a stock Netgear on the LAN but I could let that go) but the latency is ridiculous.  We see spikes as high as 2700 ms and an average of ~140 ms.  This is insane when you compare it to ~1ms average over a million pings on a basic Netgear (or any brand) AP.  Oddly enough, we see moderately better ping times coming FROM the laptop on the wirelss network to the internet than we do coming FROM a PC on the LAN to the laptop that is wireless.

Here are the facts:
The laptop is 10 feet from the AP in the same room.
The AP has been replaced.
We have tried this on several different client networks and our own, ranging from 1 sonicpoint to 8 sonicpoints.
We have factory defaulted various routers multiple times.
We have tried various IP schemes.
We have tried several different laptops and NIC drivers.
The performance is the same whether we bridge the networks like we want to or we use the Sonicwall recommended configuration (separate networks with IP Helper / firewall rules).
IP Helper helps a LITTLE in a "recommended config", but there are lots of applications like the Toshiba projector software that does not work no matter what IP Helper or firewall rules we put into the system.  This is one of the reasons we want to bridge the networks.
Of course, we restarted.  We did it three times, just like you always said to. (Some of you will get this.)

Sonicwall support has been engaged on this at least half a dozen times going back to early 5.x firmware and they are no closer to resolution now.  They don't really act like it is a problem although they have never actually said that nor refused to talk about it.
I asked Sonicwall support how to just cut off all packet inspection on this traffic (the setting on the diag.html page did not help) because it feels like the router is routing and deep-packet-inspecting this traffic due to the VLAN tag but that was like talking to a brick wall.

My hope is that someone who has a lot of (or maybe just a little of exactly the right) experience with Sonicwall has already found a solution for this.  The way it stands, it is getting really hard to justify the cost of Sonicwall access points to clients when they know what kind of performance they can get out of a $60 Wal-Mart access point (lack of management aside).  At some point, a Pinto that runs at top speed all day starts looking pretty good compared to a Porsche with a 40 mile per hour governor.  Thoughts?
1 Solution
I wish I had something to contribute.  We've run into the same issues and gave up.  We no longer offer the wireless units and just put a separate AP in.  We use these APs and love them!  Price is right, no subscription, etc.  It's a step above the basic units off the shelf, but certainly enterprise grade if that's what you need.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now