
Speed through UTM 9

Hi,

I just upgraded my external internet connection to 300 Mbit. I am running UTM in an elderly PC with 3 Gbit nics.

I verified speed directly on the connection, I verified all cables and nics to support and run gigabit.

My issue is that even on cable connections, as soon as I go through the UTM, I cannot reach more than 80-90 Mbits. I cannot find any logs to indicate the limitations.

A possible explanation would be that the NICs are not running at Gbit, even though they support it (Intel 82541 Gbit adapter). Can that be verified somewhere in UTM logs?

 

Any suggestions / ideas / anything? Where to look?

 

Best regards

Claus, DK



This thread was automatically locked due to age.
  • Hi Claus,

    Any insight after checking #7 in the Rulz by Bob?

    Cheers-

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hi,

    Thanks for the suggestion. I checked as much as possible:

    1. Does not apply – I do, however, have a Realtek 8139 onboard NIC for my DMZ. I assume that should not influence the internal→external running on Intel
    2. Confirmed
    3. Completely block communication ?!?
    4. No change
    5. No change
    6. Not possible – however testing directly there, the speed is as expected
    7. Tried, however the switch is not managed – and externally on the ISP equipment I do not have access to that tuning. Changing on the UTM didn’t yield any difference – at least not for the better: Running the UTM at fixed FD1000 was bad.
    8. My NICs for internal and external are indeed Intel, the Intel Corporation 82541PI Gigabit Ethernet Controller. Could that be influenced by the bug? Since the MB in the host only supports PCI, my options are a bit limited.
      • Could it be a limitation related to the motherboard bus?

     

    Does that shed light on anything?

    BR, Claus

  • Claus, you won't get much better speed than that with your old CPU.  If you temporarily disable Intrusion Prevention (Snort), you should see a substantial increase, but you probably can't get to 300Mbps unless you also disable antivirus and Application Control.  Even then, maybe not.  Since Snort is single-threaded, only one of the newest, fastest Intel processors will get you close to 300 with Intrusion Prevention active.

    At the top of the Hardware & Installation forum, you will find a thread that's an unofficial HCL.  You might want to read the last page or two of that thread.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    thank you.

    1) Yes - disable IPS certainly helps: 190/200 Mbit

    2) Do you have Web Protection, Application Control and Endpoint Protection, Antivirus in mind?

    Thanks for the reference to the unofficial HCL, which I have browsed. However, few cases actually mention the throughput, so limited progress.

    In your opinion: Main bottleneck would be the CPU?

    Best regards

    I have tested a UTM120 vs my self-built Celeron J1900 setup. CPU power DOES make a difference, even when you're not using IPS. My WLAN throughput with the UTM120 was around 25 MBit/s; with the J1900 it went up to 35 MBit/s with the same Sophos AP15 as access point. My internet connection is 200/10 MBit.

    I don't know where my poor WLAN speed generally comes from, maybe too many WLANs in the neighborhood, as I was having bad speed even without a UTM and AP15... sender and receiver are in the same room. Sometimes it's hard to stream in 1080p from Amazon Prime or any other streaming services.

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner

  • BAlfson said:

    Claus, you won't get much better speed than that with your old CPU.  If you temporarily disable Intrusion Prevention (Snort), you should see a substantial increase, but you probably can't get to 300Mbps unless you also disable antivirus and Application Control.  Even then, maybe not.  Since Snort is single-threaded, only one of the newest, fastest Intel processors will get you close to 300 with Intrusion Prevention active.

    At the top of the Hardware & Installation forum, you will find a thread that's an unofficial HCL.  You might want to read the last page or two of that thread.

    Cheers - Bob

     
    Thanks for your help Bob!
     

    I read this thread with great interest as I had just upgraded my network from 45/5mbps to 100/20mbps and saw zero throughput increase through the UTM but was getting very close to quoted wire-speed when connected directly to the Uverse box. I had already done everything in "Rulz #7" that was applicable before coming here, even swapping the on-board Realtek RTL8111DL with one of the Intel 82541GI add-on ports even though the Realtek is perfectly able to handle 100mbps, and nothing changed. I came here hoping to find some help and got the answer right away.

    I didn't worry about my CPU as it generally idled at 7% and only spiked to around 35%. Unfortunately I had no idea Snort wasn't multi-threaded. WTF is the Snort project thinking? They should have hopped on that bandwagon as soon as it was apparent that multi-core processors were going to be the norm. Especially no excuse now that Cisco owns them.

    Might I suggest that you add the IPS suggestion to "Rulz #7?"

    One thing though; I'm curious about your statement that one would need one of the newest, fastest Intel processors to see 300mbps IPS throughput. After my experience I was curious as to what hardware Sophos puts in their UTMs. Even the lowest-end SG105 quotes 350mbps IPS throughput. Sophos coyly doesn't provide details as to the hardware it uses, but it does state its power usage is "4.83W idle, and 9.84W fully loaded." This is either an ARM or Intel embedded/mobile processor. So perhaps you meant a modern embedded Intel processor? Obviously my D525 can't handle it, but I bet a modern Atom or Celeron could. I don't suppose you know what processor and NICs are in the SG105s?

     

    Again, thanks for your help Bob. You continue to be one of the most helpful participants on this board.  :-)

     

    On a personal note, I grew up in Stillwater, BTW. ;-)
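
Added example, not part of any post in this thread: the replies above describe a low overall CPU figure while single-threaded Snort was the throughput limit. This sketch computes per-core utilisation from two `/proc/stat` snapshots to show how one saturated core hides behind a low aggregate; the snapshot values are constructed and the 90% threshold is an assumption.

```python
# Constructed /proc/stat snapshots taken one second apart on a 4-thread CPU
# (sample data, not from the thread). cpu2 runs a single-threaded inspector.
BEFORE = """\
cpu  12300 0 4500 83200 0 0 0 0 0 0
cpu0 1000 0 500 23500 0 0 0 0 0 0
cpu1 1200 0 600 23200 0 0 0 0 0 0
cpu2 9000 0 3000 13000 0 0 0 0 0 0
cpu3 1100 0 400 23500 0 0 0 0 0 0
"""
AFTER = """\
cpu  12394 0 4518 83480 0 0 8 0 0 0
cpu0 1003 0 502 23595 0 0 0 0 0 0
cpu1 1205 0 603 23292 0 0 0 0 0 0
cpu2 9080 0 3010 13002 0 0 8 0 0 0
cpu3 1106 0 403 23591 0 0 0 0 0 0
"""

def parse_proc_stat(text):
    """Return {cpu_name: (busy_ticks, total_ticks)} for every cpu* line."""
    counters = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("cpu"):
            continue
        # user nice system idle iowait irq softirq steal; guest time is
        # already counted inside user, so the last two columns are skipped.
        ticks = [int(v) for v in fields[1:9]]
        idle = ticks[3] + ticks[4]
        counters[fields[0]] = (sum(ticks) - idle, sum(ticks))
    return counters

def utilisation(before, after):
    """Percent busy per CPU between two snapshots ('cpu' is the aggregate)."""
    old, new = parse_proc_stat(before), parse_proc_stat(after)
    result = {}
    for name, (busy, total) in new.items():
        if name not in old:
            continue
        d_busy, d_total = busy - old[name][0], total - old[name][1]
        result[name] = round(100.0 * d_busy / d_total, 1) if d_total > 0 else 0.0
    return result

def saturated_cores(util, core_limit=90.0):  # 90% is an assumed threshold
    """Cores at or above core_limit, regardless of the aggregate figure."""
    return sorted(n for n, pct in util.items() if n != "cpu" and pct >= core_limit)

if __name__ == "__main__":
    util = utilisation(BEFORE, AFTER)
    print(util, "saturated:", saturated_cores(util))
```

On a live Linux host the two snapshots would be successive reads of `/proc/stat` taken while a throughput test is running.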
