SonicWall TZ 205 BWM settings for RD Gateway (SBS 2011)

MISquared
We have a client using SBS 2011 with a separate Remote Desktop server on Server 2012 at the main office. Users from a branch office RDP through the SBS RD Gateway to use the Remote Desktop server. Every so often the branch office users complain about sluggish connectivity to the remote server. Can anyone recommend, in detail, the best settings on their main office TZ 205 firewall, in terms of bandwidth management, to optimize traffic for the RD Gateway while still leaving enough resources for normal web browsing, SMTP, and the branch office VPN?

Thanks!
Director of Solutions Consulting
Commented:
IMO the easiest way to use BWM on a SonicWall is to find the firewall rule for WAN to LAN for the RDS server and mark it as high. Set your high, medium, and low BWM values. Make sure you set the inbound and outbound speeds on the WAN interface.

What is your WAN speed? Do you use GAV, IDS, or content filtering?

Author

Commented:
Thanks, Aaron.

So...
Under Firewall Settings > BWM, I can change the BWM type to WAN, Global, or None. Should I choose Global here?

Under Firewall > Access Rules, I have rules for HTTP, HTTPS, and an RWW specific rule for port 987. There is a tab called Ethernet BWM. When I set BWM type (above) to WAN, the settings I change in Ethernet BWM under Access Rules do not stick. So, I'm guessing I need to set that to Global. When I choose this, I get a daunting message about BWM settings being reset on all Access Rules. I don't figure this will be a problem though since I don't have any BWM settings for any of the Access Rules yet.

Any thoughts on that?

Thanks!
Aaron Tomosky, Director of Solutions Consulting
Commented:
Correct, set it to global and don't worry about the warning.

Author

Commented:
Ok, set it. I'll see how it goes for a day or so.

To answer your other question: there is GAV, Content Filtering, and IPS running on the SonicWall, but these problems have been going on since before those services were enabled. Ultimately, I think the issue is on the end of the branch office, but I wanted to eliminate possibilities.
Aaron Tomosky, Director of Solutions Consulting

Commented:
I ask because the TZ 205 with all the security running will likely have problems with more than a 10 Mbit connection.

Author

Commented:
It's closer to 18. Do you know if it's possible to omit that traffic, by service or IP, from being scanned by those services? I'll poke around to see what I can find out.
Aaron Tomosky, Director of Solutions Consulting

Commented:
So not only can GAV, IDS, and content filtering be enabled or disabled entirely, but they can be enabled per direction per interface. If you can find some off-business-hours time, run a speedtest with how it is now. Disable all security features and run a speedtest. Plug a laptop directly into the internet line, run a speedtest.

Here is a good doc on enabling some fairly tight security on a SonicWall:
https://support.software.dell.com/kb/sw12434

Author

Commented:
I'll check it out. Thanks for all your help. I appreciate it.
