Netgear FSV318v3 firewall drastically slows down my connection
David
my computers directly to the cablemodem, I see a download speed of
about 25Mbs (acceptable). However, if I insert a brand new Netgear
firewall (it has 100 Mbps WAN connection), my connection speed is
reduced to about 5Mbs.
Any idea what might be going on?
THanks,
David Jameson
DigitalVinyl
Maybe the wan or an inside ethernet connection isn't negotiating to
100Mb/Full duplex. 5 Mbps would be about the limit if any ethernet
device/port was running 10Mb/half duplex.
David
connected to it, and then the firewall to the modem. No other switches
or devices involved - and my computer continues to report that it has a
100Mbs connection.
D
David
called "Turn keyword blocking on", (even though there are no keywords
defined) my download speed goes up from 5Mbs to 6.4Mbs - this is
completely reproducible and makes me nervous that the software in the
firewall is of poor quality.
D
David
enabled. But as a software developer I would make the following
observations:
1) Enabling a checkbox that enables detection of domain names that
should be blocked on the INITIAL request to access that site should not
cause a continuous throughput decrease from 6.5Mbs down to 5Mbs. The
keyword detection is only related to DNS lookup.
2) I don't care how many features are involved - there should NOT be a
decrease in speed from 25Mbs down to 5 or 6Mbs just because of a
firewall.
Both of the above imply a very poor implementation. I simply don't
believe that firewall programs generally should cause that much of a
slowdown.
D
D
David
expecting it to have no more than a small degradation from the 25Mbs
that I'm seeing through a direct modem connection.
--->It would not be "of poor quality" it just means that with all the
features enabled that the unit is not ALSO capable of doing 100mbps -
David
Let F be the firewall
Let M be the modem
Let <--> be the operator such that A <--> B means that A is directly
connected to B
Test 1) C <--> M Download speed = 25Mbs
Test 2) C <--> F <--> M Download speed = 5 Mbs
No other devices were involved in this test - therefore LAN to LAN
speed is irrelevent
----> LAN to LAN speed - do a test between machines INSIDE the lan
Yep - MTU is set to 1500 everywhere.
---> LAN to WAN Speed - have you checked the MTU settings to see if
that's
an issue from your old settings?
Agreed - but I already did these tests before posting on this forum.
--->The MTU setting could greatly impact your service level, and so
could
your choice of testing sites. MTU Settings run anywhere from 1430 to
1500 depending on the type of service, DSL needing lower settings,
Cable allowing higher settings.
Yep - that's why I bought it - and I didn't expect this problem to
arise.
--->The FSV318 is a good device, I've not experienced the problem you
have
when we use them to isolate lan segments.
E.
The WAN port of the FVS318 is 10mb base-T.
E.
E.
Oops, the v3 is 10/100.
E.
E.
Oops part 2: Up to 11.5Mbps WAN-to-Lan throughput, 2.1 MBps 3DES throughput.
E.
David
encryption. I assumed that if the WAN port supports 100Mbs connections,
it can at least handle 30Mbs? Otherwise I've wasted my money.
D
--->Oops part 2: Up to 11.5Mbps WAN-to-Lan throughput, 2.1 MBps 3DES
throughput.
David
connections. I'm not using the VPN feature - just basic internet
connectivity.
>From a cursory Google search for "firewall throughput", I'm seeing that
typical WORSE case download speeds when using firewalls are at least
60Mbs.
So is the Netgear a dud? Or is there some hidden adjustment that needs
to be made to it?
Thanks,
D
David
about a different router but the symtoms look very similar, don't they?
Sounds like Netgear is bogus - I'm going to return it tomorrow and
find something better.
David
--->HA! I found it! If I have Keyword blocking turned on my bandwidth
is limited to about 190k. All I did was turn off Keywork blocking and
remove the one web site I'd blocked (myspace.com) and I have the full
speed of the cable back.Yet another problem with Netgear.
E.
The 11.5Mbps Wan-to-LAN throughput (i.e. maximum download speed) was
straight out of Netgear specs for that model. I guess Netgear's
documentation is bodgy too.;-)
Good to hear you got it sorted tho.
Cheers,
E.
David
will give me the throughput that the modem allows.
I appreciate all the responses from people. I definitely will not be
recommending Netgear to anyone anymore.
optikl
which I'm very pleased with. I can't say that it will handle your 30
Mbps band-width, but you can check their web-site for details.
Rod Engelsman
I wouldn't slam them too hard. It's advertised as a broadband router.
For the vast majority, broadband means 1.5 or maybe 3 Mbps. Connections
like your's are a relatively new phenomenon on the market. I only wish I
had your problem. (He says from behind a 512K satellite link...)
--
Rod
Rod Engelsman
The WAN port supports 100 Mbps because a) 10/100 NICS are cheap as dirt,
and b) 11.5 is bigger than 10.
--
Rod
David
connection, it's not unreasonable to assume that the connection speed
should be more than 5 or 6 Mbs, don't you think?
D
--->I wouldn't slam them too hard. It's advertised as a broadband
David
of are Cisco (probably too expensive) and SonicWall.
D
-->I got rid of my Netgear and got a Check Point product (500 W UTM),
David
normally use the news reader in Outlook Express but I'm currently
connecting from a Linux box and I've never found a decent newsreader in
Linux that I liked :-)
--->You really need to get a Usenet client that properly quotes people,
you're sucks (forgive the wording).
See my response from "Sat, Mar 25 2006 10:46 pm" where I indicated
quite clearly (I thought) that the MTU was set to 1500 everywhere.
--->If you didn't adjust the MTU setting, while is in the instructions,
then
you might not be getting what you need - you also didn't say if you
adjusted it or not in your reply.
Don't be condescending. I already pointed out that although the feature
was enabled, there were no actual keywords to test against. Even if
there were, this should not cause 20% degradation in throughput - think
about how the algorithm should be working - if it's set to block a
particular website, then it's going to check the OUTGOING http request
for a match --- that shouldn't have ANY significant impact on the
speed of the INCOMING data.
--->As for bad software, consider this, any time you enable a filtering
feature it has to execute SOME code, that code takes CPU Time (you do
understand that the device has some form of CPU, right?), and that
means
it will decrease performance for other things.
David
of degradation - I didn't go to vendor sites - I went to a store and
bought a device that claimed to support a 100Mbs WAN port - it seemed
reasonable to assume that I'd get at least 20 or 25 Mbs out of it. 5
or 6Mbs isn't even CLOSE to reasonable.
--->Why the heck would you assume anything - the specs are right on the
vendors site, please learn to read them before you make another
mistake.
Understood - but even the cheap sonicwall boxes are claiming at least
60Mbs throughput and they're not that much more expensive than the
Netgear devices.
--->Firewalls don't process at wire speed, they have a defined rate
that
they can process traffic at, it's been that way for ages.
David
relevently, that information is not on the box (no surprise, I suppose)
--->Except that the Netgear does what it's spec'd to do.
One doesn't always have time to sit down and research the entire
firewall market. My assumptions seemed reasonable - I suspect a lot of
people will fall into a similar trap - in the worst case, this
newsgroup thread will be helpful to others.
--->Why did you not understand that you need to read the through-put
specs on any firewall
to determine if it's going to meet your needs.
Obviously - now that I know!
--->Before you make another choice, read the detailed specs to see what
the
throughput rating is, and it's not the port speed, it's listed in the
specs.
David
--->Up to 11.5Mbps WAN-to-Lan throughput
I appreciate your feedback - I'm off to look at higher end firewalls.
D
David
either. If you don't like the way Google handles groups then complain
to them. It's not necessary for you to tell me what client I should use
- if you don't like what you see, then just ignore me! I'm sure there's
a "Block this sende" in your client!
--->That's no excuse, PAN and ThunderBird do Usenet without any
problems.
Sure I do - at least to some extent- but I simply didn't expect
performance to be impacted THAT much. I'm not (nor to I want to be) a
firewall expert. "Cheap" is a relative term - I remember when a 300
baud modem cost thousands of dollars - now a broadband modem costs $50.
Cheap does not imply subpar.
--->Then you don't understand features and how the impact performance.
Like
it or not, it's a CHEAP device and you should expect some trade-offs vs
a real firewall.
Thank you - it must be nice to be you - all-knowing and so forth. I
guess I'm just not as smart as you - I hope there's still room for me
on the planet!
I wonder where in the store I could have read the throughput spec? The
very detailed product specs on the side of the box (which I did read in
the store, taking more than 5 minutes) didn't include the throughput
number - otherwise I would have noticed it immediately. Is it your
conjecture that people should never go to a store for anything without
having done a detailed analysis in advance? Where is the time for such
analysis? The good news is that the store will take the product back.
--->Your assumptions are not reasonable, they were ignorant and ill
informed. If you took 5 minutes to read the specs on the device you
were
purchasing you would have seen the real performance stats.
D
gr
> I just upgraded to Cablevision's new 30Mbs service. If I connect one of
> my computers directly to the cablemodem, I see a download speed of
> about 25Mbs (acceptable). However, if I insert a brand new Netgear
> firewall (it has 100 Mbps WAN connection), my connection speed is
> reduced to about 5Mbs.
>
> Any idea what might be going on?
>
> THanks,
> David Jameson
>
rated at 75mbps and 20mb/s vpn. Programming is cludgy, but I never did
it before, so others may think that is ok.
Some specs are listed here:
http://www.smartways.net/enterpriseSecurity/netScreen.asp
BTW: I just found out the router (Cisco 1601r) that is before this thing
has a special serial connection that is limited to 2mbps, so when I
switch from the half T I use now to 4mbps dsl, I have to change this
router also!
Now I just found out the 1605 I was going to use also has a limit of
2mb/s!! I guess I need to get a better one!!
Here are some links, the router performance one is esp good!
Cisco_806
(http://www.cisco.com/warp/public/cc/pd/rt/800/prodlit/806bg_ds.htm)
http://www.cisco.com/warp/public/765/tools/quickreference/routerperformance.pdf
gr