T20 v12.6.1

We setup a server on one interface with a different network block and trusted interface on a different block, both internal /24. In the policy we allow SMB port from trusted interface to another, but the transfer speed is very slow from trusted workstations to the server. Any idea what's needed to change?

  • Lots of things to check - mostly speed/duplex issues, bad Ethernet cables etc.

    Are these pulling files from the server, sending files to the server or both?

    Is the server directly connected to the firewall interface or is it connected to a switch?

    What is the speed of a transfer - how big a file takes how long?

    What is the server Ethernet interface set to? Auto, full duplex, half duplex?
    What are the 2 firewall interfaces set to? Auto, full duplex, half duplex?
    Auto is preferred - otherwise both devices should be set to the same speed & full duplex.

    You can see the status of firewall interfaces in Watchguard System Manager -> Firebox System Manager -> Status Report -> Interfaces section.
    Look for lots of errors or any collisions

  • Put your SMB packet filter to the top of your policy list to make sure that it is the one that is allowing these transfers.
    If you have Application Control, IPS or Geolocation enabled on this policy, unselect them.

  • You can also see the firewall link speeds in the Web UI -> Dashboard -> Interfaces -> Detail.
    No error or collision stats though.

    Hi Bruce,

    Thanks for the reply, cables are fine, ethernet speed is set to auto, transferring 4 GB file takes 90 minutes. How do I move the SMB policy up? And the server is directly connected to the switch Interface port.

  • Q: How do I move the SMB policy up?
    A: from the docs:
    To switch to manual order mode, from Fireware Web UI:

    1. Select Firewall > Firewall Policies.
      The Firewall Policies page appears.
    2. Below the policy list, click Disable policy Auto-Order mode.
      A confirmation message appears.
    3. Click Yes.
      4.To change the order of a policy, select the check box for a policy and click Move Up or Move Down to move it higher or lower in the list, or drag it to a new location in the Policy List.
    4. Click Save Policy Order.

    About Policy Precedence

  • Is the transfer to the server or from the server?

  • 4 GB (32,000 Mb) @ 10 Mb/sec = 3,200 sec = 53+ mins
    So this indicates that your transfer rate is less that 10 Mb/sec

    How do you know that cables are fine?

    Look for errors & collisions.
    On a Windows PC/server do this in a CMD box:
    netstat -e
    Look at the errors number.
    Windows doesn't show the collision rate, whatever it might be.

    If you have an unused firewall interface, you could try moving the server to that one, and see if things change.

    I swap the net cables, also it's transfer from different workstations To the server. Thanks again Bruce. I'll check them and also the policy order.

