Tech Forum

Upgrading an existing Meetinghouse Firewall increases the firewall data throughput potential up to 240% (see estimate in the table below). Of course meetinghouse Internet access speed is also limited by the ISP bandwidth.

Possible firewall data throughput (in Mbps)
Firewall Model // Before* // After**
881-W // 0 to 20 Mbps // 0 to 68 Mbps
C881-W // 0 to 35 Mbps // 0 to 68 Mbps
C881 // n/a // 0 to 80 Mbps
C891F // n/a // 0 to 200 Mbps
--------
* Before firewall upgrade or new firewall activation. (N/A = "not applicable")
** After firewall upgrade or new firewall activation.
Notes:

• 1. The C881 and C891F meetinghouse firewall models were introduced after the new firewall configuration.
  2. Most meetinghouses only need a 881 series firewalls (due to limited ISP bandwidth)

[Moderator note: This post was split off to a new topic, since it was different enough from the previous thread.]

A couple of questions:

• Who is your ISP and what's their advertized throughput?
• Were your measurements taken wired or wirelessly?
• Was the building unoccupied when your measurements were recorded?
• Were you able to measure the throughput directly from the modem (bypassing the firewall) before and/or after the upgrade?

Thanks.

Mikerowaved wrote: A couple of questions ...

The data originates from Cisco testing in a hard-wired test environment. The configuration upgrade significantly reduces CPU load of the firewall, thus allowing more cycles for routing network packets.

OK, the above numbers came from Cisco. I've heard these figures tossed around before, but I've never known the source. Actual throughput in a production environment might vary quite a bit from Cisco's lab numbers, depending on the number of services enabled, IPSec, VPN, etc. The best way to know what these firewalls are capable of is to load them with with your own script and test them in your own setting.

These are my measurements, tested in 3 different buildings, before and after the firmware upgrade.
(All tests performed in an empty building, hardwired, using speedtest.net.)

Firewall: Cisco 881W
ISP: UTOPIA Fiber
Advertized throughput: 100 Mbps (up and down)
Measured throughput without the firewall: very close to 100/100 Mbps
Measured throughput with the firewall running the OLD script: Just under 50/50 Mbps
Measured throughput with the firewall running the NEW script: Just under 100/100 Mbps

Not going to get much above that for the 881W, since it uses 10/100 switches in its ports.

Sorry to post on a somewhat dated thread, but we've experienced chronically slow speeds since the upgrade. It comes and goes, but for the most part we're seeing less than 1mb down when I run a speed test at dslreports. Our meetinghouse is connected through Comcast, locally funded/installed wireless infrastructure, church provided Cisco hardware; although performance is consistent between wired/wireless. I can gather more info, but I'm hoping to see if there is a known issue with performance

That certainly doesn't sound right for Comcast. Sometime when the meetinghouse is empty, connect a PC right to the Comcast modem and retest the speed. If it's still slow, you found the problem. You might also try power cycling the modem and see if that helps.

would also like to see a speedtest done directly connected to the cable modem

icepop77 wrote:Sorry to post on a somewhat dated thread, but we've experienced chronically slow speeds since the upgrade. It comes and goes, but for the most part we're seeing less than 1mb down when I run a speed test at dslreports.

Forgive me if I'm stating something you already know, but the speed tests can't distinguish between a limited connection and one where all the available bandwidth is being taken by other members. That's why the suggestion to test when the meetinghouse is empty.

You might want to take the usage reports from tm.lds.org and see if the slow times correspond to a peak or lull in bandwidth usage. Keep in mind the times are in GMT/UTC. You can download a report that spans about 2 days with data at 10-minute increments.