Firewall speed limits

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
craiggsmith
Senior Member
Posts: 711
Joined: Sun Sep 12, 2010 2:14 pm
Location: South Jordan, Utah

Firewall speed limits

Postby craiggsmith » Thu Feb 23, 2012 12:35 pm

We just got hi speed internet - hooray! Testing shows that the firewalls limit bandwidth to about 5 Mbps. Is that per port or for the whole thing?

If we hook up our webcast connection directly to the modem, bypassing the firewall (which is what facilities has done), does this mean I don't have to bother disconnecting everyone else as I'll have plenty of untouched bandwidth?
Craig
STS
South Jordan, UT

User avatar
rbeede
Member
Posts: 201
Joined: Sat Apr 02, 2011 12:33 pm
Contact:

Postby rbeede » Thu Feb 23, 2012 3:24 pm

The firewall does not limit the bandwidth. Note that wireless connections are slower than wired. There is no QoS settings on the Church firewall hardware which generally means wired connections have a better chance of getting more bandwidth than wireless connections since almost nobody uses fair-queuing on their switch/router hardware either.

What model of firewall?

craiggsmith
Senior Member
Posts: 711
Joined: Sun Sep 12, 2010 2:14 pm
Location: South Jordan, Utah

Postby craiggsmith » Thu Feb 23, 2012 3:34 pm

I'm seeing this with both the ASA 5505 and 881W. The network contractor said it did, so I tested it by connecting directly to the modem and then to the firewall, both via cable. Numerous tests were all in the 5 Mbps range through the firewall, but connected directly in the 12-18 Mbps range (download). Upload speeds were around 5 regardless.
Craig
STS
South Jordan, UT

User avatar
rbeede
Member
Posts: 201
Joined: Sat Apr 02, 2011 12:33 pm
Contact:

Postby rbeede » Thu Feb 23, 2012 7:46 pm

If you have DSL and the DSL device is a router (it does NAT and can handle multiple clients) then you can just bypass the firewall for that 1 specific device (webcast) without causing a security issue and get the unused bandwidth.

Was the 881W configured and programmed by the network contractor or was it purchased through the official Church channel and activated per the instructions on the wiki? If the contractor didn't actually active the firewall with CHQ then it may be configured to limit bandwidth.

At first setup (CHQ activation) the firewall has to download for a while to load everything too.

How is the wireless performance?

User avatar
rbeede
Member
Posts: 201
Joined: Sat Apr 02, 2011 12:33 pm
Contact:

Postby rbeede » Thu Feb 23, 2012 7:47 pm

You may want to also downgrade with your ISP to save some Church funds.

dfdavis
New Member
Posts: 31
Joined: Tue Nov 03, 2009 1:41 pm
Location: USA

Postby dfdavis » Fri Feb 24, 2012 5:49 am

rbeede wrote:You may want to also downgrade with your ISP to save some Church funds.

Our Stake center is getting almost 23 behind the firewall. Is no one going to say anything about bypassing a firewall?
Donald F. Davis Jr.
Stake IT
Bloomington Indiana :)

User avatar
johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Postby johnshaw » Fri Feb 24, 2012 6:44 am

I've had the GSC multiple times ask me to bypass the Firewall under certain circumstances, testing, and a webcast. I don't think we're doing anything earth shattering for an hour while the firewall is bypassed to upload data for a webcast, particularly if that means nobody else in the building can connect to the Internet anyway because the Firewall is unplugged.

User avatar
rbeede
Member
Posts: 201
Joined: Sat Apr 02, 2011 12:33 pm
Contact:

Postby rbeede » Fri Feb 24, 2012 7:03 am

@craiggsmith

I'd say your firewall has some kind of configuration or hardware issue to make it that slow. I'd talk with the Global Support Center (http://tech.lds.org/wiki/Global_Service_Center_-_IT_Support) about checking your firewall otherwise you are just wasting potential speed and money with your Internet connection.

sammythesm
Member
Posts: 220
Joined: Tue Jan 05, 2010 2:50 pm
Location: Texas, United States
Contact:

Postby sammythesm » Fri Feb 24, 2012 7:43 am

I ran a few tests - if I use speedtest.lds.org, i always get between 5.25 and 5.5mbps, even though our internet connections are much faster than that. If I use speakeasy.net/speedtest, I get much nearer the right download/upload speed.

So - I suspect those who are seeing the 5mbps cap are just experiencing a limitation of speedtest.lds.org - try a different speed test and see if you get a different result. The other possibility is that speedtest.lds.org is measuring traffic speed through the VPN tunnel which may very well be capped at a lower speed in order to keep up with the encryption/decryption of packets. (though, from my understanding, the VPN is configured as a split tunnel, so only traffic to specific church servers passes through the tunnel and the rest goes out the WAN connection normally.)

User avatar
rbeede
Member
Posts: 201
Joined: Sat Apr 02, 2011 12:33 pm
Contact:

Postby rbeede » Fri Feb 24, 2012 7:46 am

I just tried speedtest.lds.org from home with only 6mbps while other sites show 24mbps. Good observation!


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest