Firewall speed limits
-
- Senior Member
- Posts: 851
- Joined: Sun Sep 12, 2010 3:14 pm
- Location: South Jordan, Utah
Firewall speed limits
We just got hi speed internet - hooray! Testing shows that the firewalls limit bandwidth to about 5 Mbps. Is that per port or for the whole thing?
If we hook up our webcast connection directly to the modem, bypassing the firewall (which is what facilities has done), does this mean I don't have to bother disconnecting everyone else as I'll have plenty of untouched bandwidth?
If we hook up our webcast connection directly to the modem, bypassing the firewall (which is what facilities has done), does this mean I don't have to bother disconnecting everyone else as I'll have plenty of untouched bandwidth?
Craig
South Jordan, UT
South Jordan, UT
- rbeede
- Member
- Posts: 205
- Joined: Sat Apr 02, 2011 1:33 pm
- Contact:
The firewall does not limit the bandwidth. Note that wireless connections are slower than wired. There is no QoS settings on the Church firewall hardware which generally means wired connections have a better chance of getting more bandwidth than wireless connections since almost nobody uses fair-queuing on their switch/router hardware either.
What model of firewall?
What model of firewall?
-
- Senior Member
- Posts: 851
- Joined: Sun Sep 12, 2010 3:14 pm
- Location: South Jordan, Utah
I'm seeing this with both the ASA 5505 and 881W. The network contractor said it did, so I tested it by connecting directly to the modem and then to the firewall, both via cable. Numerous tests were all in the 5 Mbps range through the firewall, but connected directly in the 12-18 Mbps range (download). Upload speeds were around 5 regardless.
Craig
South Jordan, UT
South Jordan, UT
- rbeede
- Member
- Posts: 205
- Joined: Sat Apr 02, 2011 1:33 pm
- Contact:
If you have DSL and the DSL device is a router (it does NAT and can handle multiple clients) then you can just bypass the firewall for that 1 specific device (webcast) without causing a security issue and get the unused bandwidth.
Was the 881W configured and programmed by the network contractor or was it purchased through the official Church channel and activated per the instructions on the wiki? If the contractor didn't actually active the firewall with CHQ then it may be configured to limit bandwidth.
At first setup (CHQ activation) the firewall has to download for a while to load everything too.
How is the wireless performance?
Was the 881W configured and programmed by the network contractor or was it purchased through the official Church channel and activated per the instructions on the wiki? If the contractor didn't actually active the firewall with CHQ then it may be configured to limit bandwidth.
At first setup (CHQ activation) the firewall has to download for a while to load everything too.
How is the wireless performance?
- rbeede
- Member
- Posts: 205
- Joined: Sat Apr 02, 2011 1:33 pm
- Contact:
-
- New Member
- Posts: 31
- Joined: Tue Nov 03, 2009 1:41 pm
- Location: USA
- johnshaw
- Senior Member
- Posts: 2273
- Joined: Fri Jan 19, 2007 1:55 pm
- Location: Syracuse, UT
I've had the GSC multiple times ask me to bypass the Firewall under certain circumstances, testing, and a webcast. I don't think we're doing anything earth shattering for an hour while the firewall is bypassed to upload data for a webcast, particularly if that means nobody else in the building can connect to the Internet anyway because the Firewall is unplugged.
- rbeede
- Member
- Posts: 205
- Joined: Sat Apr 02, 2011 1:33 pm
- Contact:
@craiggsmith
I'd say your firewall has some kind of configuration or hardware issue to make it that slow. I'd talk with the Global Support Center (http://tech.lds.org/wiki/Global_Service ... IT_Support) about checking your firewall otherwise you are just wasting potential speed and money with your Internet connection.
I'd say your firewall has some kind of configuration or hardware issue to make it that slow. I'd talk with the Global Support Center (http://tech.lds.org/wiki/Global_Service ... IT_Support) about checking your firewall otherwise you are just wasting potential speed and money with your Internet connection.
-
- Member
- Posts: 225
- Joined: Tue Jan 05, 2010 2:50 pm
- Location: Texas, United States
- Contact:
I ran a few tests - if I use speedtest.lds.org, i always get between 5.25 and 5.5mbps, even though our internet connections are much faster than that. If I use speakeasy.net/speedtest, I get much nearer the right download/upload speed.
So - I suspect those who are seeing the 5mbps cap are just experiencing a limitation of speedtest.lds.org - try a different speed test and see if you get a different result. The other possibility is that speedtest.lds.org is measuring traffic speed through the VPN tunnel which may very well be capped at a lower speed in order to keep up with the encryption/decryption of packets. (though, from my understanding, the VPN is configured as a split tunnel, so only traffic to specific church servers passes through the tunnel and the rest goes out the WAN connection normally.)
So - I suspect those who are seeing the 5mbps cap are just experiencing a limitation of speedtest.lds.org - try a different speed test and see if you get a different result. The other possibility is that speedtest.lds.org is measuring traffic speed through the VPN tunnel which may very well be capped at a lower speed in order to keep up with the encryption/decryption of packets. (though, from my understanding, the VPN is configured as a split tunnel, so only traffic to specific church servers passes through the tunnel and the rest goes out the WAN connection normally.)
- rbeede
- Member
- Posts: 205
- Joined: Sat Apr 02, 2011 1:33 pm
- Contact: