Link to home
Start Free TrialLog in
Avatar of Alfonso Perez
Alfonso Perez

asked on

SonicWall TZ215 Wireless

Hello Experts, I need some assistance since I'm not that familiar with SonicWall

I have a TZ215 FW with both, LAN and WLAN active configurations, I upgraded my ISP BW from 10Mbps to 20Mbps (cable provider) and just realized that everything connected to the LAN interfaces on my sonicwall (X0) are getting the full 20Mbps (or really near with speedtest.net) but all my wireless clients only get up to 10Mbps...

Does anyone has any idea of what is going on here?

Thanks for your support
Avatar of Mal Osborne
Mal Osborne
Flag of Australia image

The TZ215W uses 802.11g wireless. This is usually advertised as 54Mb, however that is a little misleading. 54Mb is the theoretical maximum throughput, in one direction, with one user, under a perfect scenario. In the real world, that speed never happens. 20Mb is a actually as good as you are likely to see, 10Mb is more realistic once multiple users, some distance, other nearby WAPs and interference take their toll.

A wireless connection is fine for casual web browsing, but will perform slowly and occasionally disconnect.

You might try a quick wireless survey. Numerous apps are available for smartphones, which can "sniff" and locate other WAPs, letting you pick a clear channel. I use "Wifi Analyser" on my Samsung S5 and S8, it is free and works well for me, but there are others.
Hi Alfonso,

There are numerous factors that can degrade wireless performance. First off, you should expect performance speed hits with Wireless by default. These wireless networks typically operate in half duplex opposed to wired networks running in full duplex. Also there is overhead with wireless that will down size the throughput performance opposed to their wired counterparts. What is your signal strength? The greater the signal strength the greater the throughput. What encryption standard are you using?

Here are some considerations for using wireless connections:
  • Mobility - if the majority of your network is laptop computers, wireless is more portable than wired connections.
  • Convenience - wireless networks do not require cabling of individual computers or opening computer cases to install network cards.
  • Speed - if network speed is important to you, you may want to consider using Ethernet connections rather than wireless connections.
  • Range &Coverage - if your network environment contains numerous physical barriers or interference factors, wireless networking may not be suitable for your network.
  • Security - wireless networks have inherent security issues due to the unrestricted nature of the wireless transmissions & the encryptions that have been compromised in recent years.

If you want to optimize your wireless performance here are some things to consider:
  • Make sure the wireless cards are 802.11n compatible & that their respective drivers are current.
  • Place the wireless security appliance near the center of your intended network. This can also reduce the possibility of eavesdropping by neighboring wireless networks.
  • Minimize the number of walls or ceilings between the wireless security appliance and the receiving points such as PCs or laptops.
  • Try to place the wireless security appliance in a direct line with other wireless components. Best performance is achieved when wireless components are in direct line of sight with each other.
  • Building construction can make a difference on wireless performance. Avoid placing the wireless security appliance near walls, fireplaces, or other large solid objects. Placing the wireless security appliance near metal objects such as computer cases, monitors, and appliances can affect performance of the unit.
  • Metal framing, UV window film, concrete or masonry walls, and metallic paint can reduce signal strength if the wireless security appliance is installed near these types of materials.
  • Installing the wireless security appliance in a high place can help avoid obstacles and improve performance for upper stories of a building.
  • Neighboring wireless networks and devices can affect signal strength, speed, and range of the wireless security appliance. Also, devices such as cordless phones, radios, microwave ovens, and televisions may cause interference on the wireless security appliance.

Antenna adjustments:
  • The antennas on the wireless security appliance can be adjusted for the best radio reception.
  • Begin with the antennas pointing straight up, and then adjust as necessary. Note that certain areas, such as the area directly below the wireless security appliance, get relatively poor reception.
  • Pointing the antenna directly at another wireless device does not improve reception.
  • Do not place the antennas next to metal doors or walls as this can cause interference.

If you need to perform a wireless scan you can natively through the Wireless > IDS under Discovered Access Points.

You should really consider upgrading to a newer firewall such as the TZ 300W to protect yourself from Ransomware and today's current threats.

Let me know if you have any other questions!

@Mal - where did you get your data? TZ 215W supports IEEE 802.11a/b/g/n. In fact the TZ 210 wireless supported 802.11n.
Blue's advice is pretty dead on. However, I have always been one to advice against Sonicwall wireless products. They work, but you can get bit better wireless products for less money. (Future advice if you need to increase your wireless coverage)

When I deploy Sonicwall firewalls, I advice to get separate wireless access points. Generally considerably better, and many don't cost as much as the Sonicwall solution.
Avatar of Alfonso Perez
Alfonso Perez

ASKER

Thanks all for your comments, and actually all were conisdered when I first built this network, which by the way is a simple Home Network :)
Let me tell you something else to consider...

Inside the LAN interfaces of the SonicWall Firewall I have a Linksys EA2700 connected as bridge mode to provide a secondary WLAN (SSID) on the 2nd floor, its extends the same L3 of the sonicwall LAN.

The test Im running is with just one device (my samsung mobile) connected to the Wireless network, when I'm in the second floor on the 2nd SSID I got 20Mbps from speedtest, when I go downstairs and connect to the SSID from the SonicWall.. I get less than 10Mbps eventhough I´m right next to it with an strength signal.

Since I got out of support from SonicWall im thinking to move the Linksys as the Core and move the sonicwall upstairs (or replace it) but it came into my attention that even with the most "perfect" Scenarion, the WLAN is not passing 9mbps up to the 20mbps on the WAN Interface.
I´m pretty sure that if the Linksys comes downstairs it wil give me the full 20mbps on the WLAN, dont know
The test Im running is with just one device (my samsung mobile) connected to the Wireless network, when I'm in the second floor on the 2nd SSID I got 20Mbps from speedtest, when I go downstairs and connect to the SSID from the SonicWall.. I get less than 10Mbps eventhough I'm right next to it with an strength signal.
That's a important detail. I would say (if possible) to try connecting the EA2700 to the Sonicwall directly, and bridging that port to W0. However, you're also going to have to change the VLAN zone settings to allow non-Sonicpoint devices.
thats how I have it masnrock, Lynksys is connected directly to the SonicWall.

WO is bridged to X0, which allows me to have the same network in both floors, I dont have any sonicpoint device, is there somewhere I need to say that in the wireless config?
Give that you have a TZ215W, I was figuring that you were using the Sonicwall's wireless. By default, the wireless interface is in a WLAN zone, but if you took it out of that, then the WLAN zone becomes irrelevant. The Sonicpoint that you do have is the built into your Sonicwall (for intents and purposes that built in wireless does still count as one).
Ohh I see the confusion, my bad.. So yes!! The SonicWall internal WLAN (W0) is the wireless broadcast SSID in the 1st floor, I was using that for a long time ago with my 10mbps ISP Internet access, everything was fine.

I added the Linksys on the 2nd floor and connected into the LAN interface of the SonicWall. In order to have the same network (L3) I bridged the linksys into the sonicwall LAN, the WLAN into the LAN, and so on.... this allows me to have the same /24 all over the place, the only thing is that in the linksys I decided to use a different SSID for the 2nd floor only.

Makes sense now?

The problem seems that when a device gets into the Linksys, it uses the connection on the LAN Side (X0) to get into the sonicwall and then into the X1 (WAN) Interface to get the full 20mbps.
The devices that connect directly to sonicwall (W0) jump into the X1(WAN) and they only get 9mbps... that doesnt make any sense to me to be honest, cause eventhough the 300mbps half duplex of the WLAN interface is way to big for my 20mbps
Now we're on the same page. Try moving your Linksys unit into the same zone at the internal wireless. But as I pointed out, you have to turn off Sonicpoint detection for the WLAN zone. Once you've done this, see if you have the same issue when using the Linksys. If yes, then it's involving the filtering, etc. of that zone. If not, then it's more related to the hardware interaction.

I would ask if you have the latest firmware on your Sonicwall, which I hope you do.
Currently I cant do that cause Bridge is already between WLAN and LAN, remember I want both networks in the same segment? If I tried to assign an interface for Linksys, set the zone of WLAN and bridge it to LAN, I got this error:

Error: Index of the interface.: Bridged-to interface already used in bridged pair
I think I will try to have 2 networks (WLAN and LAN) So I can test what you are suggesting, I just need to wait till no one needs the network :)

Thanks
i took out the Linksys from the network to do the adjustments but just having the SonicWall Wireless (W0) Active for any device, the speed stills down to 6mbps, LAN PC can get 20mbps... so.. i believe this is something else
I understand that you considered all of what I said when you originally configured the network but you did not address any of my previous questions in comment https:#a42235363 !

Incidentally, we have a 200 Mbps connection and on laptops & mobiles I see connections around 90-100 Mbps and desktops at 230-250 Mbps (not a mistake we can clock over with our ISP). So this discrepancy is normal between wireless and wired networks. We are running a fully supported Gigabit network on the LAN and the WLAN is 802.11n exclusively (due to a few legacy devices, which once replace will be an 802.11ac only network).

• What is your Wireless Radio Mode: Wireless Bridge or Access Point?
• Have you modified (from default) the wireless settings in the SonicWALL's wireless page?
• How are you encrypting the wireless traffic?
• If your devices are compatible you should be running a completely 802.11n network meaning your Radio Mode is set to provide 802.11n Only?
• Set your Radio Band to either 20 or 40 MHz?
• Data Rate should be set to Best.
• Your Channel should be defined too in a non conflicting scope. Use the internal IDS scanner to resolve I previously mentioned.
• Enable Short Guard Interval & Aggregation can improve throughput depending on circumstances. In a scenario where you have optimum network conditions (devices have strong signals with little interference) it will improve throughput. However, in networks that experience less than optimum conditions (interference, weak signals, etc.), these options may introduce transmission errors that eliminate any efficiency gains in throughput. So you will have to test this and now where your network stacks in terms of being optimal or less than.
• The Short Guard Interval is the pause in transmission intended to avoid data loss from interference or multipath delays. Enabling this reduces the pause by half from 800ns (nano-seconds) to 400ns.
Aggregation has to do with 802.11n frames and the aggregation or amalgamation of them. When enabled it combines multiple frames to reduce overhead and increase throughput.
• You can test Preamble length too which is the distance between data packets sent across the wireless network. Short Preamble length reduces the overhead & the wait time. However, if you have a lot of interference in the wireless signals you'll want to select Long Preamble.
Fragmentation Threshold should be set to 2346, which is the default selection but just in case someone has messed with these settings...

Let me know the answers to my questions so I can better help you!
Sorry Blue Street Tech, I didnt intend to ignore your questions, let me answer them below :)
I just tried to explain that this is a Home Network that doesnt have more than 5 devices and actually my test is just with one device connected to the Wireless Network right next to the sonic wall and only gets 5Mbps form the WAN connection. All your suggestions and troubleshooting applies to a small office environment, I dont think my case is that, in fact I just replaced the sonicwall with my Linksys, using same parameters and connected the same single device, and it shows the full 20Mbps from the WAN.

So lets imagine the perfect world....WAN interface with 20mbps to Internet, NOTHING inside the wired LAN, and WLAN with a single device right next to it....still normal to have only 5mbps from WLAN to WAN?? In linksys is not that way... but again, I´m no expert in SonicWall and probably Im missing a configuration setting that is giving me this hard time.

Lets me answer your questions:

- What is your Wireless Radio Mode: Wireless Bridge or Access Point? the default when you activate the WLAN on the sonicwall, I believe its access point
• Have you modified (from default) the wireless settings in the SonicWALL's wireless page?, Yes, oly the basic.. like SSID, Security and Primary IP address
• How are you encrypting the wireless traffic?, WPA2-PSK
• If your devices are compatible you should be running a completely 802.11n network meaning your Radio Mode is set to provide 802.11n Only? NO, my devices doesnt support n, im running in the default mixed mode b,g,n
• Set your Radio Band to either 20 or 40 MHz? is set to AUTO, i did try both, same results
• Data Rate should be set to Best. Correct
• Your Channel should be defined too in a non conflicting scope. Use the internal IDS scanner to resolve I previously mentioned. Is set to Auto, I played around channels... same result
• Enable Short Guard Interval & Aggregation: Default disabled, its only supported in 802.11n mode which is not my case.
. What is your signal strength?. My device is right next to the Firewall so.. it is EXCELLENT
What encryption standard are you using?: WPA2-PSK- TKIP

Thanks for your suppport
Would you be able to show us screenshots? Specifically of the interfaces page? I'm hoping that gives some clues as well.
ASKER CERTIFIED SOLUTION
Avatar of Blue Street Tech
Blue Street Tech
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you both!! this is really helpful
Find attached the screenshots of the current config on the TZ

Let me explain the "new" architecture and then I will adress BlueTech questions.

- I flapped the components to test Linksys as the primary router to WAN and SonicWall for the 2nd floor (new LAN), with the following outocome:
        1) Devices on 1st floor connected to Linksys via LAN or WLAN have up to 20mbps of WAN speed (18mbps average)
        2) Linksys LAN/WLAN is 172.16.100.1 /24
        3) SonicWall X2 interface is connected to a Linksys LAN port and assigned an static IP 172.16.100.10, which will act as the point of
            entry of the 2nd floor network (172.16.1.0/24)
        4) A new zone was created inside SonicWall (trusted) for X2 interface (UPLAN)
        5) WLAN  (W0) is bridged to LAN (X0) to have same network upstairs (172.16.1.0/24) for both LAN and WLAN devices
        6) Firewall rules and routing already applied to allow X2 to be the default gateway for the 2nd floor network
        7) A device connected to X0 gets almost 20Mbps of WAN access
        8) A device connected to WLAN gets below 10Mbps, having same result as before.....Its better to have this on the 2nd floor since I
            normally work downstairs and 20Mbps are better, I still want to fix this cause my XBOX is in the 2nd floor via Wireless :-(

So, since we still have the same issue, we may continue with the assistance

Questions

Are the WLAN security settings the same as the LAN...you can check it in Zones (Gateway AV, Antispyware, CFS, APP Control, etc)? YES and since the are bridged as a pair, this settings apply to both

You need to be at least 4 feet away from the SonicWALL or you will experience performance degradation. Yes, i made that test too, I was just trying to tell you the strenght of the signal and that no other device is involved.

Do you have the latest SonicOS firmware? Yes, I actually upgraded it yesterday to the latest 5.9.1.8-10o

I haven't mentioned this but after you change any Wireless settings you need to reboot the firewall Actually I did it when I swapped the devices, results were the same :(

perform an IDS scan and find a good unsaturated channel then change the Radio Mode to 802.11g Only if possible, define the Band to 20 MHz, & finally change the channel to the one previously selected by the IDS scan. Reboot and retest
This will be my next test, including the TKIP to AES

bridge the W0 to X0, and plug in the Linksys or your WAP to X2 or X3, which either should be PortShielded to X0... I tried this before but you cannot have portshield groups and bridged pairs at the same time, so I just have one available port for 2nd Floor LAN. I had it the same downstairs with a small switch to connect more devices (wired) but 2nd floor I only have my NAS Drive.
TZ-Interfaces.jpg
TZ-Wireless.jpg
In your TZ-Wireless.jpg you can see that your actual signal strength for device xxxEA:8E is only at 16% yielding an 18 Mbps connection rate. Is this the device you are testing?

If so there could be significant interference of physical limitations causing the signal to be weak ultimately degrading your connection rate.
No, that time I was downstairs and my device was connected there. my test is with my device close enough to get up to 68% with a 48Mbps connection rate. Not sure why I can't get more % since Im in the same room but probably with the channel change that you suggest it will come better
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Yes , you will only get half the speed whatever LAN is getting , the reason for that is wlan is half duplex and LAN is full duplex , please navigate to network interface and see the status of wlan , it will show half duplex.
Do you need any more help with this...have I answered all your questions?
Sorry on the late reply....

After some config twicks that everybody suggested here, like Wireless Channel, Encryption, etc... I get to have a little better performance on the WLAN provided by SonicWall.. now devices connected on the 2nd floor have 10+Mbps of the 20 received on the WAN, I believe is a good approach although Cisco LinkSys WLAN is giving me the full 20Mbps. I guess hardware capabilities is the reason now right??
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks for the points....glad I could help!