Gigabit Ethernet Bottleneck?

I have recently upgraded to gigabit fiber for our internet connection. Here are the basics of how the network is connected:

The ISP router (Juniper SRX550) is connected to a small gigabit switch (D-Link DGS1016D). This allows me to have a DMZ of sorts off this small switch. Then I have the small gigabit switch connected to the firewall (NSA2400) and behind the firewall are four 50-port gigabit switches (Cisco SG200-50). All patch cables are CAT5e or CAT6.

So here is the weirdness. If I run internet bandwidth tests from computers on the LAN which are connected to one of the 50-port switches behind the firewall, I consistently get around 275-300Mbps on both upload and download. But if I connect a computer to the small switch in the "DMZ" in front of the firewall and configure it with one of our public IPs, I consistently get 850-950Mbps upload/download.

So the gigabit fiber speed that we are paying for is there. But computers on the LAN behind the firewall don't reach that.

Now, I have verified that all the ports in the switches and the firewall are all set to 1000Mbps and full duplex. And everything reports back that the ethernet connections are indeed 1000Mbps. And I have tested this after-hours when I was the only one in the office and using the LAN.

Am I missing something?

The firewall you're using may not be capable of processing more than the lower number, despite what the wire can handle. Check out the specs on this data sheet. Not all of the features will process what you're trying to push through:

MosaicRP (Author) commented:
Ah, that makes sense. I looked up the performance specs on the SonicWall NSA2400 and found these numbers:
VPN throughput (3DES/AES) : 300 Mbps
Connection rate : 4000 connections per second
Intrusion prevention throughput : 275 Mbps
Gateway anti-virus throughput : 160 Mbps
Stateful throughput : 775 Mbps
Firewall throughput (IMIX) : 235 Mbps
Unified Threat Management (UTM) throughput : 150 Mbps

Do you think I am running up against that intrusion prevention throughput or some combination?
Yep. You could do an experiment and turn off those features, then see if your throughput improves.
MosaicRP (Author) commented:
Thanks Mike. I have never dealt with these kinds of speeds before so didn't think about processing limitations. Maybe it's time to upgrade the firewall.  :o)