I just upgraded to Cablevision's new 30Mbs service. If I connect one of my computers directly to the cablemodem, I see a download speed of about 25Mbs (acceptable). However, if I insert a brand new Netgear firewall (it has 100 Mbps WAN connection), my connection speed is reduced to about 5Mbs.
Any idea what might be going on?
THanks, David Jameson
Maybe the wan or an inside ethernet connection isn't negotiating to
100Mb/Full duplex. 5 Mbps would be about the limit if any ethernet device/port was running 10Mb/half duplex.When I inserted the Netgear firewall, I just had the same computer connected to it, and then the firewall to the modem. No other switches or devices involved - and my computer continues to report that it has a
100Mbs connection. D
You have to determine a couple things:
1) LAN to LAN speed - do a test between machines INSIDE the lan 2) LAN to WAN Speed - have you checked the MTU settings to see if that's an issue from your old settings?The MTU setting could greatly impact your service level, and so could your choice of testing sites.
MTU Settings run anywhere from 1430 to 1500 depending on the type of service, DSL needing lower settings, Cable allowing higher settings.
The FSV318 is a good device, I've not experienced the problem you have when we use them to isolate lan segments.
By the way, I discovered that if I disable the checkbox in the firewall called "Turn keyword blocking on", (even though there are no keywords defined) my download speed goes up from 5Mbs to 6.4Mbs - this is completely reproducible and makes me nervous that the software in the firewall is of poor quality.
D
It would not be "of poor quality" it just means that with all the features enabled that the unit is not ALSO capable of doing 100mbps - you do know that firewalls are rated in throughput for various activities?
But the features are NOT all enabled - indeed NONE of the features were enabled. But as a software developer I would make the following observations:
1) Enabling a checkbox that enables detection of domain names that should be blocked on the INITIAL request to access that site should not cause a continuous throughput decrease from 6.5Mbs down to 5Mbs. The keyword detection is only related to DNS lookup.2) I don't care how many features are involved - there should NOT be a decrease in speed from 25Mbs down to 5 or 6Mbs just because of a firewall.
Both of the above imply a very poor implementation. I simply don't believe that firewall programs generally should cause that much of a slowdown.
D DBy the way, I wasn't expecting it to do 100Mbs throughput - I was expecting it to have no more than a small degradation from the 25Mbs that I'm seeing through a direct modem connection.
--->It would not be "of poor quality" it just means that with all the features enabled that the unit is not ALSO capable of doing 100mbps -
Let C be my computer Let F be the firewall Let M be the modem Let be the operator such that A B means that A is directly connected to B
Test 1) C M Download speed = 25Mbs Test 2) C F M Download speed = 5 Mbs
No other devices were involved in this test - therefore LAN to LAN speed is irrelevent
----> LAN to LAN speed - do a test between machines INSIDE the lan
Yep - MTU is set to 1500 everywhere.
---> LAN to WAN Speed - have you checked the MTU settings to see if that's an issue from your old settings?
Agreed - but I already did these tests before posting on this forum.
--->The MTU setting could greatly impact your service level, and so could your choice of testing sites. MTU Settings run anywhere from 1430 to
1500 depending on the type of service, DSL needing lower settings, Cable allowing higher settings.Yep - that's why I bought it - and I didn't expect this problem to arise.
--->The FSV318 is a good device, I've not experienced the problem you have when we use them to isolate lan segments.
Oops, the v3 is 10/100. E.
Oops part 2: Up to 11.5Mbps WAN-to-Lan throughput, 2.1 MBps 3DES throughput. E.
You lost me here - isn't 3DES an encryption protocol? I'm not using encryption. I assumed that if the WAN port supports 100Mbs connections, it can at least handle 30Mbs? Otherwise I've wasted my money. D
--->Oops part 2: Up to 11.5Mbps WAN-to-Lan throughput, 2.1 MBps 3DES throughput.
Ah I realised after my previous response that you're talking about VPN connections. I'm not using the VPN feature - just basic internet connectivity.
typical WORSE case download speeds when using firewalls are at least
60Mbs.So is the Netgear a dud? Or is there some hidden adjustment that needs to be made to it?
Thanks, D
I found the post below on the Netgear user forum - they're talking about a different router but the symtoms look very similar, don't they? Sounds like Netgear is bogus - I'm going to return it tomorrow and find something better. David
--->HA! I found it! If I have Keyword blocking turned on my bandwidth is limited to about 190k. All I did was turn off Keywork blocking and remove the one web site I'd blocked (myspace.com) and I have the full speed of the cable back.Yet another problem with Netgear.
The 11.5Mbps Wan-to-LAN throughput (i.e. maximum download speed) was straight out of Netgear specs for that model. I guess Netgear's documentation is bodgy too.;-)
Good to hear you got it sorted tho. Cheers, E.
Well, now I have to find out what kind of a firewall I can get that will give me the throughput that the modem allows.
I appreciate all the responses from people. I definitely will not be recommending Netgear to anyone anymore.
I got rid of my Netgear and got a Check Point product (500 W UTM), which I'm very pleased with. I can't say that it will handle your 30 Mbps band-width, but you can check their web-site for details.
I wouldn't slam them too hard. It's advertised as a broadband router. For the vast majority, broadband means 1.5 or maybe 3 Mbps. Connections like your's are a relatively new phenomenon on the market. I only wish I had your problem. (He says from behind a 512K satellite link...)
You really need to get a Usenet client that properly quotes people, you're sucks (forgive the wording).
If you didn't adjust the MTU setting, while is in the instructions, then you might not be getting what you need - you also didn't say if you adjusted it or not in your reply.
As for bad software, consider this, any time you enable a filtering feature it has to execute SOME code, that code takes CPU Time (you do understand that the device has some form of CPU, right?), and that means it will decrease performance for other things.
How about following what I sad and letting us know if it made any difference?
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.