Performance Issue

From: JP (nospam_pangjoe_at_rogers.com)
Date: 09/29/04

• Next message: Agustin: "Re: How to prevent system from replying to Ping (ICMP Echo) requests?"
• Previous message: Brendan DJ Murphy: "Firewall settings to allow "Windows Updates""
• Next in thread: Leythos: "Re: Performance Issue"
• Reply:(deleted message) Leythos: "Re: Performance Issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 29 Sep 2004 08:17:18 -0400

Folks,

I ran into a performance issue with a Watchguard firewall which even the
manufacturer's technical support has no explanation of. Here is the
scenario:

    Internet -- DSL Modem -- Watchguard Firebox III model 1000 -- LAN1
(very slow ???)
                             |
                     Netgear/Linksys/DLink Router -- LAN2 (very fast)

We are connected to the ISP via DSL modem. It is a turbo technology which
provide 3Mb/sec of download speed. We are using a Watchguard FB3 1000
router for connecting to the DLS modem. We noticed that the users at LAN1
which goes through the Watchguard gateway did not get very good throughput.
At any time, the download speed to any site is just 250Kb/sec at most. We
have even eliminated other traffic by just allowing one PC to be connected
to the router.

Out of curiosity, we ran a test with a SOHO Internet gateway. We have tried
Netgear RP311, RP314, Dlink and Linksys. They all gave at least 450Kb/sec
of throughput. At first, we thought that the Watchguard has a problem with
the external interface. We then connected the DLS modem lan port,
Watchguard external interface, and Netgear external interface onto a mini
switch and ran the tests again. Results are consistent.

Finally, we plugged in an FTP server to the mini-switch where the Watchguard
ext interface, Netgear ext interface and DLS modem lan port are connected
to. We
configured it with a public IP address. To our surprise, Watchguard can
provide a very high throughput to the FTP server via the external interface,
8500Kb/sec. Netgear and Dlink are stable at about 450Kb/sec, but they are
not as fast.

That means the external interface of Watchguard is communicating effectively
on the mini switch. That eliminate the hand-shaking and duplex issue. What
can be wrong? I have no idea.

Cheers,

Joe

---

• Next message: Agustin: "Re: How to prevent system from replying to Ping (ICMP Echo) requests?"
• Previous message: Brendan DJ Murphy: "Firewall settings to allow "Windows Updates""
• Next in thread: Leythos: "Re: Performance Issue"
• Reply:(deleted message) Leythos: "Re: Performance Issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Performance Issue ... > router for connecting to the DLS modem. ... > which goes through the Watchguard gateway did not get very good throughput. ... > Watchguard external interface, and Netgear external interface onto a mini ... The Proxy filter ... (comp.security.firewalls) WAN Link Connectivity ... Our VPN users are connecting via Watchguard VPN's between two Watchguard ... they are eventually "locked out" and cannot access any server resources ... We are forced to reboot the SBS 2003 ... (microsoft.public.windows.server.sbs) Re: Hardware firewall recommendations for a small/medium office. ... >> solutions but am confused with all the features out there. ... > The WatchGuard Firebox III-1000 is just what you need. ... (comp.security.firewalls)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)