SonicWALL SOHO 250 Launch Promo with 2 Year AGSS and Cloud Management SonicWALL 'Launch' Promotion: Get two years of SonicWALL's Advanced Gateway Security Suite for the price of one year subscription, PLUS two free years of SonicWALL Capture Security Center. Requires a qualifying trade-in.
New for 2019, SonicWall has added the SOHO 250 & TZ 350 firewalls to its TZ model line designed for small business, small branch offices, & home office network environments.This video review goes over some of the key features and specifications of the SOHO 250 firewall, and the TZ 350 firewall so that you can make a more informed buying decision! Next generation firewalls are integrated cyber security platforms that include a ton of virus-busting features that keep your network secure and productive!Compare more SonicWall products and features by downloading our SonicWall Buyer's Guide.
Hey guys, we just upgraded to a 50Mb fiber connection, from a 2Mb connection and have noticed that the speedtests I'm running behind the sonicwall aren't matching the speeds I'm getting outside of it. The connection is coming to our equipment room from a cat5 cable, and I have it plugged into a 5-port GB switch and have one cable going to the sonicwall and the other to a laptop. We have the Sonciwall Tz-210, and if i run the test from the laptop outside the router i get this speed:If i run it from behind the router i get these speeds:Any ideas on the services, etc that are causing this? Another division that shared the same floor with us moved 4 floors down and also got the same fiber connection. When they run it from behind their TZ200 Wireless-N they get the same speeds like i get from outside the sonicwall.
Ok i pretty much have everything off except IPS on wan interface and so far it seems to only give me the proper speeds for 30 secs right after i restart the sonicwall. I really wish we were told this before we renewed/upgraded to the TZ-210.
It really is unacceptable.P.s Ok with all this off, it looks like the download is now working like it should be, however the up is still at 11Mb-15Mb. IT wierd that the upload is where it's slowing down, i would think the incoming data would be more scrutinized than the outgoing.
Bionixs,That is the same exact behavior we had with a TZ-120. We upgraded to a TZ-210 and everything worked fine. We went up to a 10mb/sec line. Think of their proformance labeling like MPG for cars. You only get that stripped down with no spare tires in the trunk. That's how I think of it anyway. Here are the specs.
Notice the UTM speed rating. You'll probably have to upgrade to something with more uph if you want to see anything close to 50mb/sec. If you turn a lot of their services on the poor device just won't be able to keep up.:(Take a look at the NSA 220. See if they'll give you a trial run. Bionixs wrote:Ok i pretty much have everything off except IPS on wan interface and so far it seems to only give me the proper speeds for 30 secs right after i restart the sonicwall.
![]()
I really wish we were told this before we renewed/upgraded to the TZ-210. It really is unacceptable.P.s Ok with all this off, it looks like the download is now working like it should be, however the up is still at 11Mb-15Mb. IT wierd that the upload is where it's slowing down, i would think the incoming data would be more scrutinized than the outgoing.Your ISP didn't perhaps pull the same bonehead move Veriozon did when installing our FIOS did they? Verizon initially tried getting our suite hooked up to their equipment with a 400' long cat5 cable. We had excellent download but horribly slow upload, less than.5mb. We made them come back out and move their equipment into our suite and all our upload issues went away. Philantill wrote:Before you do anything make sure that your link negotiation on your WAN connection is set right.
Generally such fiber routers do not negotiate correctly with the sonicwall and the sonicwall will sit at 100 half duplex rather than 100 full - which totally kills your speed. The fix is to force the link (say X1) to 100 full duplex and everything settles down.Thanks for the information, but we are getting it from the building who is a wholesaler, so it's coming to our floor through a switch. The problem is that you don't have enough power on that TZ-210, with security services turned on. You have to disable IPS/GAV/Anti-Spyware completely if you want it to reach 50Mbit. Content Filtering does not affect throughput so much.The 'UTM' rating for a TZ-210, which means security services are being used, is 50Mbit.
Every single vendor out there tests firewalls in a vacumm, under ideal conditions, using light UDP traffic. You're lucky if you get 1/3rd of the advertised speed on any vendor. The TZ-210 will cap at about 16Mbit with Security Services turned on, if you switch to performance mode you can prob hit 25-30Mbit.
I would upgrade to an NSA 2400.You increased your Bandwidth by 25x times, but you kept your hardware the same. Staypuft wrote:The problem is that you don't have enough power on that TZ-210, with security services turned on. You have to disable IPS/GAV/Anti-Spyware completely if you want it to reach 50Mbit. Content Filtering does not affect throughput so much.The 'UTM' rating for a TZ-210, which means security services are being used, is 50Mbit. Every single vendor out there tests firewalls in a vacumm, under ideal conditions, using light UDP traffic. You're lucky if you get 1/3rd of the advertised speed on any vendor.
The TZ-210 will cap at about 16Mbit with Security Services turned on, if you switch to performance mode you can prob hit 25-30Mbit. I would upgrade to an NSA 2400.You increased your Bandwidth by 25x times, but you kept your hardware the same.Thanks for the reply, Jumping from a TZ-210 to a NSA 2400 is quite a dollar amount, you don't think the NSA 240 or Nsa 250M could cut it? You'd be cutting it close on on the 240/250. Also, from looking at the new specs, it looks like the 220 is actually 'better' than the 240, except it costs $100 less and doesn't have a PCI card slot.
Actually the 220 has 7Gbit ports as well, instead of only 3 and 2x the memory, so that should definitely be an option. Also, it has the same 'DPI' rating as the 250M too. So if you don't need the module slots, 220 seems like a solid device.I guess you can check with your reseller if there is any sort of return option? Try it out, and if you can't reach those speeds, send back the next day. Just make sure to test with your licensed security services running.
Bionixs wrote:Ok it looks like 100mbit is available for us to purchase. If we did decide to move to that, what model do you think would give me all that (real world traffic) throughput with the utm services turned on?Take the numbers with a grain of salt. For 100 MB, you may want the NSA3500 to have any real shot at acheiving those numbers. We have several of those here but we don't have that bandwidth connected to any of them. I have an NSA240 connected to a 50 MB cable modem for guest access and it slows throughput from about 40 MB/s to 25 MB/s when going through the 240 as opposed to a straight run to a computer. It was even slower until I turned off much of the firewall functionality on the SMC provided router from Comcast.
I might be able to tweak it more but since it is just guest access, I didn't care to spend the time.Edit: And make sure to look at the lowest number, the DPI, when deciding.
Comments are closed.
|
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |