Firewall speed limits

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
craiggsmith
Senior Member
Posts: 851
Joined: Sun Sep 12, 2010 3:14 pm
Location: South Jordan, Utah

Firewall speed limits

#1

Post by craiggsmith »

We just got hi speed internet - hooray! Testing shows that the firewalls limit bandwidth to about 5 Mbps. Is that per port or for the whole thing?

If we hook up our webcast connection directly to the modem, bypassing the firewall (which is what facilities has done), does this mean I don't have to bother disconnecting everyone else as I'll have plenty of untouched bandwidth?
Craig
South Jordan, UT
User avatar
rbeede
Member
Posts: 205
Joined: Sat Apr 02, 2011 1:33 pm
Contact:

#2

Post by rbeede »

The firewall does not limit the bandwidth. Note that wireless connections are slower than wired. There is no QoS settings on the Church firewall hardware which generally means wired connections have a better chance of getting more bandwidth than wireless connections since almost nobody uses fair-queuing on their switch/router hardware either.

What model of firewall?
craiggsmith
Senior Member
Posts: 851
Joined: Sun Sep 12, 2010 3:14 pm
Location: South Jordan, Utah

#3

Post by craiggsmith »

I'm seeing this with both the ASA 5505 and 881W. The network contractor said it did, so I tested it by connecting directly to the modem and then to the firewall, both via cable. Numerous tests were all in the 5 Mbps range through the firewall, but connected directly in the 12-18 Mbps range (download). Upload speeds were around 5 regardless.
Craig
South Jordan, UT
User avatar
rbeede
Member
Posts: 205
Joined: Sat Apr 02, 2011 1:33 pm
Contact:

#4

Post by rbeede »

If you have DSL and the DSL device is a router (it does NAT and can handle multiple clients) then you can just bypass the firewall for that 1 specific device (webcast) without causing a security issue and get the unused bandwidth.

Was the 881W configured and programmed by the network contractor or was it purchased through the official Church channel and activated per the instructions on the wiki? If the contractor didn't actually active the firewall with CHQ then it may be configured to limit bandwidth.

At first setup (CHQ activation) the firewall has to download for a while to load everything too.

How is the wireless performance?
User avatar
rbeede
Member
Posts: 205
Joined: Sat Apr 02, 2011 1:33 pm
Contact:

#5

Post by rbeede »

You may want to also downgrade with your ISP to save some Church funds.
dfdavis
New Member
Posts: 31
Joined: Tue Nov 03, 2009 1:41 pm
Location: USA

#6

Post by dfdavis »

rbeede wrote:You may want to also downgrade with your ISP to save some Church funds.
Our Stake center is getting almost 23 behind the firewall. Is no one going to say anything about bypassing a firewall?
Donald F. Davis Jr.
Stake IT
Bloomington Indiana :)
User avatar
johnshaw
Senior Member
Posts: 2273
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

#7

Post by johnshaw »

I've had the GSC multiple times ask me to bypass the Firewall under certain circumstances, testing, and a webcast. I don't think we're doing anything earth shattering for an hour while the firewall is bypassed to upload data for a webcast, particularly if that means nobody else in the building can connect to the Internet anyway because the Firewall is unplugged.
User avatar
rbeede
Member
Posts: 205
Joined: Sat Apr 02, 2011 1:33 pm
Contact:

#8

Post by rbeede »

@craiggsmith

I'd say your firewall has some kind of configuration or hardware issue to make it that slow. I'd talk with the Global Support Center (http://tech.lds.org/wiki/Global_Service ... IT_Support) about checking your firewall otherwise you are just wasting potential speed and money with your Internet connection.
sammythesm
Member
Posts: 225
Joined: Tue Jan 05, 2010 2:50 pm
Location: Texas, United States
Contact:

#9

Post by sammythesm »

I ran a few tests - if I use speedtest.lds.org, i always get between 5.25 and 5.5mbps, even though our internet connections are much faster than that. If I use speakeasy.net/speedtest, I get much nearer the right download/upload speed.

So - I suspect those who are seeing the 5mbps cap are just experiencing a limitation of speedtest.lds.org - try a different speed test and see if you get a different result. The other possibility is that speedtest.lds.org is measuring traffic speed through the VPN tunnel which may very well be capped at a lower speed in order to keep up with the encryption/decryption of packets. (though, from my understanding, the VPN is configured as a split tunnel, so only traffic to specific church servers passes through the tunnel and the rest goes out the WAN connection normally.)
User avatar
rbeede
Member
Posts: 205
Joined: Sat Apr 02, 2011 1:33 pm
Contact:

#10

Post by rbeede »

I just tried speedtest.lds.org from home with only 6mbps while other sites show 24mbps. Good observation!
Post Reply

Return to “Meetinghouse Internet”