X1250e Underperforming at ~390-400Mbps

Firstly, I appreciate our Firebox x1250e is old and out of support now but we have an issue that somebody can hopefully provide assistance with.

We have recently upgraded our WAN line to 1Gbps (100Mbps before). From the documentation, our X1250e should be able to pass ~1.5Gbps.

We are running a simple firewall in routed mode with no proxy/VPN or anything and have an issue where the x1250e is only able to achieve around ~390-400Mbps.

It seems to be behaving like an X550e even though it has a full license for X1250e.

We are running Fireware XTM v11.3.8.B451218 and managing with WSM v11.10.4.

Is this a configuration issue? Is there any way to resolve this?

Thank you for your help in advance.

Comments

  • James_CarsonJames_Carson WatchGuard Representative

    Hi @ianstephens

    Thanks for writing,

    The firewall throughput number you're referencing is a figure that expresses how much data the firewall can move in total across all interfaces under very specific tests, and won't be a realistic number that for moving data from (for instance) a trusted to external interface.

    For most circumstances, moving data between two interfaces on a x1250e will see something along 350ish Mbps. Please keep in mind that those tests were run many years ago, with hardware and loads from the time the firewall was supported.

    For a firewall of that era, you'd likely need one of the Firebox Peak x8500e, and that still may not pass a full gig.

    Current hardware that is designed to handle gigabit traffic at speed would be the T70 or M270 firewalls.

    (WatchGuard Firebox T70)
    https://www.watchguard.com/wgrd-products/tabletop/firebox-t70

    (WatchGuard Firebox M270 & M370)
    https://www.watchguard.com/wgrd-products/rack-mount/firebox-m270-m370

    We have a sizing tool that might be helpful here:
    https://www.watchguard.com/wgrd-resource-center/watchguard-appliance-sizing-tool

    With the above in mind, the entire Firebox X series hasn't seen a software security update since 2015. I would not recommend running a firewall that is that old, as there have been many updates to Fireware since that cover software vulnerabilities.

    Thank you,

    -James Carson
    WatchGuard Customer Support

  • James:
    Where can prospective Firebox purchasers find out 2 interface (ie. trusted - external) expected throughput values such as you have posted above?

  • James_CarsonJames_Carson WatchGuard Representative

    Hi @Bruce_Briggs
    A good place to start is the IPS or UTM figures on a datasheet, as those will be the numbers most customers are actually interested in.

    IPS is the closest figure to a straight packet filter that is tested.
    UTM will show with IPS, GAV, and proxy services on.

    Unfortunately, current tests aren't run on the end-of-life firewalls, so aside from the tests that were run on the firewalls at the time, attainable speed will be a bit of a guess.

    The WatchGuard Product Matrix page in the partner resources page (in the partner portal) is a good quick reference, otherwise the appliance sizing tool in my previous post will get you those numbers based off the data you put in.
    https://watchguard.force.com/customers/resourcecenter

    Thank you,

    -James Carson
    WatchGuard Customer Support

Sign In to comment.