Tips for troubleshooting speed and throughput issues on a SonicWall firewall

Description

Troubleshooting throughput Issues. When you test the throughput of your connection with out the SonicWall in the equation you get different results to when it is in the network setup.

Resolution

  • Monitoring
     If you have the comprehensive security bundle you should be able to see the performance of the CPU's on the SonicWall. On all models you should be able to check the connection Log. Click Investigate in the top navigation menu and click Connection Logs to get an idea of the traffic flowing through the SonicWall.
     Hosts with hundreds of connections to the internet would require some investigation. Also, if you are using something like Sonicwall Analytics, MRTG or Cacti you should be able to see the CPU utilization as well as network traffic. If the network traffic is high while you aren't running the test, this would explain why you don't get the expected results. If the CPU load is high, this will have a negative impact on the throughput of the SonicWall.
  • Turn off unnecessary services on the SonicWall
     Each security service that you turn on will inspect traffic that passes through the SonicWall. This in turn places a load on the CPU which will, in turn, have a negative impact on the throughput. 
    Things to check are
     (a) Stop the packet monitor. Click Investigate in the top navigation menu and click Packet Monitor.
     (b) Set the logging level to informational. Click Manage in the top navigation menu. Click Log Settings | Base Setup.
     (c) While in logging, set the Name Resolution to none. Click Manage in the top navigation menu and Click Log Settings | Name Resolution.
     (e) Check that there are no unnecessary NAT policies .Click Manage in the top navigation menu. Click Rules | NAT Policies.
     (d) Check that there are no unnecessary firewall rules . Click Manage in the top navigation menu. Click Rules | Access Rules.
  •  Set the Link Speed Manually
     Rather than let the SonicWall Auto-Negotiate the link speed you can try to set it to the best speed that it can handle.
     Click Manage in the top navigation menu. Click Network | Interfaces and click the configure button for the WAN interface and then going to the advanced tab. In here you can change the Link Speed from Auto-Negotiate to the highest possible (must also update manual speed on downstream device).
  • Maximum Security and Performance Optimized settings under Security Services settings
     You can "dial down" the security services to make them less paranoid and not as CPU intensive. Click Manage in te top navigation menu. Click Security Services | Base Setup . Down that page under the Security Services Settings Heading there is a drop down that lets you choose between Maximum Security and Performance Optimized.
  • Change the Maximum Transmission Unit (MTU) Size on the WAN interface
     This only really applies when you are connection via PPPoE via the WAN side of the SonicWall but it may apply to other similar situations. Before you modify this setting, you will need to find the maximum size that is supported by your ISP. Your ISP may be able to furnish you with this information or you can follow this guide to find it.
     Once you have the MTU size you can change the MTU for the WAN interface. Click Manage in the top navigation menu. Click Network | Interfaces click on the configure button for the WAN interface and then Advanced. Some of the more common sizes are 1492, 1474, 1468.
  •  Check the specifications of the SonicWall
    You may need to check if the SonicWall is certified to carry the throughput from your network or if it can match the throughput of your internet connection. You might also consider moving some of the services from the SonicWall to dedicated devices.

    EXAMPLE:  you could move the email scanning to a dedicated Email Security Appliance.

Related Articles

  • 「ファームウェアの同期」でファームウェアがダウングレードされる
    Read More
  • How to export and import connection profiles in NetExtender
    Read More
  • Unable access High availability idle device using monitoring IP address
    Read More
not finding your answers?
was this article helpful?