Page 1 of 2

Firewall speed limits

Posted: Thu Feb 23, 2012 12:35 pm
by craiggsmith
We just got hi speed internet - hooray! Testing shows that the firewalls limit bandwidth to about 5 Mbps. Is that per port or for the whole thing?

If we hook up our webcast connection directly to the modem, bypassing the firewall (which is what facilities has done), does this mean I don't have to bother disconnecting everyone else as I'll have plenty of untouched bandwidth?

Posted: Thu Feb 23, 2012 3:24 pm
by rbeede
The firewall does not limit the bandwidth. Note that wireless connections are slower than wired. There is no QoS settings on the Church firewall hardware which generally means wired connections have a better chance of getting more bandwidth than wireless connections since almost nobody uses fair-queuing on their switch/router hardware either.

What model of firewall?

Posted: Thu Feb 23, 2012 3:34 pm
by craiggsmith
I'm seeing this with both the ASA 5505 and 881W. The network contractor said it did, so I tested it by connecting directly to the modem and then to the firewall, both via cable. Numerous tests were all in the 5 Mbps range through the firewall, but connected directly in the 12-18 Mbps range (download). Upload speeds were around 5 regardless.

Posted: Thu Feb 23, 2012 7:46 pm
by rbeede
If you have DSL and the DSL device is a router (it does NAT and can handle multiple clients) then you can just bypass the firewall for that 1 specific device (webcast) without causing a security issue and get the unused bandwidth.

Was the 881W configured and programmed by the network contractor or was it purchased through the official Church channel and activated per the instructions on the wiki? If the contractor didn't actually active the firewall with CHQ then it may be configured to limit bandwidth.

At first setup (CHQ activation) the firewall has to download for a while to load everything too.

How is the wireless performance?

Posted: Thu Feb 23, 2012 7:47 pm
by rbeede
You may want to also downgrade with your ISP to save some Church funds.

Posted: Fri Feb 24, 2012 5:49 am
by dfdavis
rbeede wrote:You may want to also downgrade with your ISP to save some Church funds.
Our Stake center is getting almost 23 behind the firewall. Is no one going to say anything about bypassing a firewall?

Posted: Fri Feb 24, 2012 6:44 am
by johnshaw
I've had the GSC multiple times ask me to bypass the Firewall under certain circumstances, testing, and a webcast. I don't think we're doing anything earth shattering for an hour while the firewall is bypassed to upload data for a webcast, particularly if that means nobody else in the building can connect to the Internet anyway because the Firewall is unplugged.

Posted: Fri Feb 24, 2012 7:03 am
by rbeede
@craiggsmith

I'd say your firewall has some kind of configuration or hardware issue to make it that slow. I'd talk with the Global Support Center (http://tech.lds.org/wiki/Global_Service ... IT_Support) about checking your firewall otherwise you are just wasting potential speed and money with your Internet connection.

Posted: Fri Feb 24, 2012 7:43 am
by sammythesm
I ran a few tests - if I use speedtest.lds.org, i always get between 5.25 and 5.5mbps, even though our internet connections are much faster than that. If I use speakeasy.net/speedtest, I get much nearer the right download/upload speed.

So - I suspect those who are seeing the 5mbps cap are just experiencing a limitation of speedtest.lds.org - try a different speed test and see if you get a different result. The other possibility is that speedtest.lds.org is measuring traffic speed through the VPN tunnel which may very well be capped at a lower speed in order to keep up with the encryption/decryption of packets. (though, from my understanding, the VPN is configured as a split tunnel, so only traffic to specific church servers passes through the tunnel and the rest goes out the WAN connection normally.)

Posted: Fri Feb 24, 2012 7:46 am
by rbeede
I just tried speedtest.lds.org from home with only 6mbps while other sites show 24mbps. Good observation!