T35 and Gig Speed: Why I am not getting close to GIG SPEED?
Until recently, our Comcast speed was around 200mbps. The speed tests (speednet) showed about that much speed in general behind the firewall. We upgraded to 1 gig speed and connections before the firewall, we do get that. But behind the firewall, the speeds are still 150mbps ish. I have been searching the internet and do not see reported problems like I am having. I did set all interfaces to 1000mps/duplex but it did not do a thing.
Even with Anti virus and scanning, I should be able to get around 300mps but not even close.
Am I missing something? I want to get even half the gig speed I am paying for behind the firewall.
Thanks
Best Answer
-
james.carson Moderator, WatchGuard Representative
Hi @ncharlie99
The speed/duplex on the firewall itself won't be the issue unless you're seeing errors on the interfaces like collisions or overruns that suggest a speed/duplex is a problem. It was most likely that the interfaces were negotiating at gigabit speed.T35 is an older device that was never designed to push gigabit speeds. I'd expect that you could likely get it to the upper 300s or lower 400s with most services off (basically just a packet filter allowing everything out.)
If you're looking to get more throughput out of your device, I'd suggest opening a support case so that our team can look at your configuration with you and recommend any changes.
A newer appliance like a T80 would get you closer to gigabit. An M290 would likely be able to push data at or near gigabit speed with security services on.
We keep a sizing tool here that allows you to select parameters to find a firewall that best suits your requirements:
https://www.watchguard.com/wgrd-resource-center/watchguard-appliance-sizing-toolHere are the datasheets and docs for the two firewalls I mentioned:
https://www.watchguard.com/wgrd-resource-center/docs/firebox-t80
https://www.watchguard.com/wgrd-resource-center/docs/firebox-m290-and-m390
If you do have an active support contract on your T35, unused time on the old appliance can be moved to the new one as part of the trade-up process should you elect to do so.
Keep in mind when looking at datasheets that throughput numbers are how much data the firewall can push out all of its interfaces, and testing one data stream from one internal network to one external network likely is not going to match those numbers. Our throughput testing methodology is designed around IETF's RFC 2544.
TL;DR: The T35 is probably getting about the speeds it'll get on modern firmware with security services on. If you're looking for gigabit speeds on our appliances with security services turned on you'll likely want to look at an M290 or better.
-James Carson
WatchGuard Customer Support0
Answers
Make sure that you are doing your speed test using a packet filter.
Choose a speed test server site which has a low latency - 20 ms or lower.
Many of the throughput figures are for aggregate traffic, not for single stream traffic.
However, I would expect something around 300 Mbps as a max single stream result.
I tried 3 different web sites that test speed and they are all about the same with speeds 150 or slower.
What site do you recommend?
Have you tried using a Windows based speed test app?
Speedtest.net has one
As does Ookala
Yes, I have been using speedtest by Ookala (my goto tester)
For my tests, the server with the lowest latency (lowest ping time) gives the highest speed test results.
For a Comcast connection, a Comcast server will likely give the best (fastest) results.
Its Speedtest.net by Ookala going to Comcast servers. We upgraded to Comcast Business gig speed. So pretty much everything is Comcast
Try this test:
https://speedtest.xfinity.com/
I did and download speeds are still around 200mps
Thank You,
I do not need gig speed for now through the firewall but I would like to up the speed if I can.
However, I thought the T35 was gig speed ready. We got it only 2 years ago.
I will open a support case later in January when I have free time to tinker with the box.
Also, we are a small office and the few thousand bucks spent on a new Firewall gets a little ridiculous when all I am looking for is some faster throughput to complement faster internet speeds
If I know my firewall cannot handle gig speeds, I can spend less money on less than gig speed internet from Comcast
Or not renew services with Watchguard that slow down the speed.
Thanks