We'd love to hear about it! Click here to go to the product suggestion community
I'm getting gigabit Internet in a couple of weeks. I had been using a small lab firewall from work at home that's only good for 50Mbps with threat prevention enabled. So I researched Sophos UTM hardware in their appliances for gigabit systems, and purchased a new PC (components I put together myself):
Intel Core i5-6500 (3.2GHz, quad-core)
128GB SSD drive
2 identical gigabit NICs
I was not able to get UTM to install, so I found XG, and installed that, which went smoothly. I was very happy with XG, until now.
Currently I'm on U-verse with their fastest speed. When connected directly into the U-verse router, speedtest.net shows 80Mbps download. When I connect to a gigabit switch connected to the LAN interface of my new XG firewall, the best I get is 9.5Mbps. This is with or without the threat protection features enabled.
What the heck is going on? I find it hard to believe that with the specs I have on this computer, that I can't do any better than 10Mbps. Am I missing something really obvious? I haven't touched QoS.
I should also mention some system stats:
CPU utilization is almost non-existent. I'm currently at 99% idle. It has never gone over 9% utilization.
Memory used is 2.3GB.
Load average is 1.21.
Do you have TCP Flood attack type enabled under System > System Services > DoS & Spoof Protection ? It will influence in great any speed testing tool, in my experience.
In reply to vilic:
Thank you for the reply.
None of the flood attack types have the "Apply Flag" checkbox checked. I'm assuming that's how they're enabled. I don't see any other method for enabling them.
what NICs are you using?
I found with my XG home it auto-negotiated to 100Mbps even though I had gigabit NICs. Not sure why it happened but I was able to go into the advanced settings of each NIC on the XG and manually set it to 1000Mbps and that solved the problem.
In reply to lferrara:
They're RealTek, but your question got me looking at the NIC settings. I don't know why I didn't think to look at that sooner. Both NICs were showing 10Mbps auto/auto. I don't know why they autonegotiated to only 10. I set them both manually to 1000 and now my speeds are normal again. I went back to auto/auto, and they both show 1000 now. Strange. I'll leave them hardcoded to 1000 just to be safe.
Thanks for the replies! I'm glad I don't have to panic and find another solution. I'm still a bit worried that this firewall won't keep up with a gigabit Internet line, but we'll see.
In reply to Chibana:
FYI, my home-built PC firewall keeps up just fine with my gigabit Internet, with download speed tests hitting just under a full 1Gbps; however, upload speed tests are maxing out around 250Mbps. I've even tried with all of the protection features disabled on this rule and still get the same result. Why would this firewall be 4x as fast for downloads than uploads?