SonicWall TZ100 Slow WAN

  • SonicWall TZ100 Slow WAN

    We have a SonicWall TZ100 Appliance and a 12 Mb DSL connection. If we connect a laptop directly to the modem we get around 1.5 Megabytes per second download on a file from Adobe. When we download the same file from behind the SonicWall, it's a slow 100-200 kilobytes per second. We know it's not the Internet connection.

    It had been slow on the modem for the past 2 weeks, but the technician from the Internet provider came out and we switched out the modem to a different one. Now the speed directly from the modem is fine, but the SonicWall is still slow, at the same speed it had been at with the bad modem.

    What can we do to fix this? It was working fine before. Does it get used to a certain speed or something???

  • #2
    Re: SonicWall TZ100 Slow WAN

    I would start checking logs on the SonicWall. Look for duplex mismatches. Check interface statistics for CRC errors, collisions, drops etc. I assume you are filtering traffic on this device? Check your inspection rules and access control lists. Are you bridging the modem to the firewall? Check the cable going from the SonicWall to the modem. Check the MTU on the WAN interface. Should be set for 1492 to accommodate the PPPoE header (8 bytes). Also try a reboot on the device as well.



    Basically start at Layer 1 and work up from there.
    Last edited by auglan; 25th February 2012, 23:31.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)

    • #3
      Re: SonicWall TZ100 Slow WAN

      Our ISP doesn't use PPPoE, it is straight DHCP. Our MTU is set to 1500. We had previously been operating with the same settings we have now with no issues, and now all of a sudden it's like it won't figure out the internet is back to normal speeds.

      We have none of the security services turned on. No errors. We are using a 2Wire modem from our ISP. The SonicWall is configured in the DMZ on the 2Wire. No matter what we try it won't give us the right speed. It's all over the place. We are to the point of shooting it full of holes and buying a Cisco.

      • #4
        Re: SonicWall TZ100 Slow WAN

        When you connect directly, are you connecting to a LAN interface on the 2Wire or to the DMZ? If LAN interface and all is well, then start looking at the DMZ side. Any reason you just can't bridge the modem and not use the DMZ interface on the 2Wire? I know with ATT Uverse service that the only way to put a router/firewall behind the DSL modem is to stick it in the DMZ, which can cause issues.

        If you have DSL service you are using PPPoE as the underlying layer 2 technology. I would assume your 2Wire is handling authentication and NAT?
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)

        • #5
          Re: SonicWall TZ100 Slow WAN

          We connect directly to the network port on the 2Wire and get a 192... IP address (our IPs behind the SonicWall are 10...).

          Windstream doesn't use PPPoE in our area. It won't bridge.

          • #6
            Re: SonicWall TZ100 Slow WAN

            May want to call Windstream to find out the proper setup with a router/firewall behind the 2Wire. Are both devices doing NAT?
            CCNA, CCNA-Security, CCNP
            CCIE Security (In Progress)

            • #7
              Re: SonicWall TZ100 Slow WAN

              I think they are both doing NAT. We had been using this same modem in the past with no issues. It had a power supply problem so we put in a different one and had it in the DMZ as well, no issues until the modem suffered really slow speeds. Technician came out and changed the modem back to the 2Wire and I put it back in the same config we had it in before it had an issue.

              • #8
                Re: SonicWall TZ100 Slow WAN

                Well, the double NAT could be causing some issues. I'm guessing this is an ADSL2+ connection using DHCP and dot1x for authentication (no PPPoE).

                Okay, so you replaced the SonicWall for a bad power supply, or the ADSL modem? If you replaced the SonicWall, have you checked for an updated firmware?

                Can Windstream give you a standard DSL modem you can bridge while giving you the same speeds? The thing that sucks with ADSL2+ is that they can't be pulled out of the picture, as each device has a digital certificate it uses to authenticate with the provider using dot1x.

                I found this on a Uverse support forum so I am not sure if it will work for your 2Wire:

                There is no true bridge mode on the 2Wire routers. However, you can still configure it such that almost all functions of your own router will work properly.

                1. Set your router's WAN interface to get an IP address via DHCP. This is required at first so that the 2Wire recognizes your router.
                2. Plug your router's WAN interface to one of the 2Wire's LAN interfaces.
                3. Restart your router, let it get an IP address via DHCP.
                4. Log into the 2Wire router's interface. Go to Settings -> Firewall -> Applications, Pinholes, and DMZ
                5. Select your router under section (1).
                6. Click the DMZPlus button under section (2).
                7. Click the Save button.
                8. Restart your router, when it gets an address via DHCP again, it will be the public outside IP address. At this point, you can leave your router in DHCP mode (make sure the firewall on your router allows the DHCP renewal packets, which will occur every 10 minutes), or you can change your router's IP address assignment on the WAN interface to static, and use the same settings it received via DHCP.
                9. On the 2Wire router, go to Settings -> Firewall -> Advanced Configuration
                10. Uncheck the following: Stealth Mode, Block Ping, Strict UDP Session Control.
                11. Check everything under Outbound Protocol Control except NetBIOS.
                12. Uncheck NetBIOS under Inbound Protocol Control.
                13. Uncheck all the Attack Detection checkboxes (7 of them).
                14. Click Save.

                Your router should now be able to route as if the 2Wire was a straight bridge, for the most part.

                Inbound port 22 might be blocked, and inbound ports 8000-8015 might also be blocked, and there's nothing that can be done about it.

                This is how I have my 2Wire configured, and I have a Cisco 2811 behind it doing IPSec, IPv6 tunnels, etc.
                Last edited by auglan; 26th February 2012, 23:44.
                CCNA, CCNA-Security, CCNP
                CCIE Security (In Progress)

                • #9
                  Re: SonicWall TZ100 Slow WAN

                  Could it be DNS servers? We changed them on our internal DNS server from OpenDNS to the Windstream ones and all of a sudden everything is faster...

                  • #10
                    Re: SonicWall TZ100 Slow WAN

                    Hmm, I use OpenDNS where I work for external lookups with no issues, but your situation is a lot different as far as your network layout. Are you getting the speeds you were looking for?
                    CCNA, CCNA-Security, CCNP
                    CCIE Security (In Progress)

                    • #11
                      Re: SonicWall TZ100 Slow WAN

                      It's still not where we want it to be but it is somewhat of an improvement. Is there any reason a SonicWall would have slow throughput?

                      • #12
                        Re: SonicWall TZ100 Slow WAN

                        Could be an issue with the SonicWall, but I think it has to do with having the SonicWall behind the 2Wire. May be worth getting on the phone with Windstream and seeing if the DMZ is set up properly.
                        CCNA, CCNA-Security, CCNP
                        CCIE Security (In Progress)

                        • #13
                          Re: SonicWall TZ100 Slow WAN

                          Generally, any time I've seen poor WAN performance with a SonicWALL is when there have been duplex mismatches between it and the relevant switch.

                          Is it possible to throw in a switch between the router and the firewall???

                          • #14
                            Re: SonicWall TZ100 Slow WAN

                            Yeah, the duplex mismatch I did mention in my first reply, but from what he is saying there are no issues there.
                            CCNA, CCNA-Security, CCNP
                            CCIE Security (In Progress)

                            • #15
                              Re: SonicWall TZ100 Slow WAN

                              Hi, have had this before. It was an MTU setting on the WAN interface.
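
The WAN MTU check suggested in #2 and named as the cause in #15 can be measured rather than guessed. The script below is an added example, not part of any poster's reply: it binary-searches the largest packet that crosses the path with Don't Fragment set and compares it with the configured WAN MTU. It assumes Linux iputils `ping`; `TARGET`, `WAN_MTU` and the function names are assumptions of this example.

```sh
# Added example (not from the thread): largest unfragmented IPv4 packet on a path.
# Assumes Linux iputils ping, where "-M do" sets Don't Fragment.
# TARGET is a placeholder the reader supplies; no host from the thread is used.

IP_ICMP_OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP echo header

# Default probe: one DF-flagged echo request with the given ICMP payload size.
ping_probe() {
    ping -c 1 -W 2 -M do -s "$1" "$TARGET" >/dev/null 2>&1
}

# find_path_mtu PROBE [LOW_MTU] [HIGH_MTU]
# PROBE is called with a payload size and returns 0 if the packet got through.
# Prints the path MTU; returns 1 if even LOW_MTU fails (host down or ICMP
# filtered upstream), because then nothing can be concluded about the MTU.
find_path_mtu() {
    pm_probe=$1; pm_lo=${2:-576}; pm_hi=${3:-1500}
    "$pm_probe" $((pm_lo - IP_ICMP_OVERHEAD)) || return 1
    while [ "$pm_lo" -lt "$pm_hi" ]; do
        pm_mid=$(( (pm_lo + pm_hi + 1) / 2 ))
        if "$pm_probe" $((pm_mid - IP_ICMP_OVERHEAD)); then
            pm_lo=$pm_mid              # this size passes: search higher
        else
            pm_hi=$((pm_mid - 1))      # this size is dropped: search lower
        fi
    done
    echo "$pm_lo"
}

# classify_mtu CONFIGURED PATH: compare the firewall's WAN MTU with the path MTU.
classify_mtu() {
    if [ "$1" -gt "$2" ]; then
        echo "too-large: lower WAN MTU from $1 to $2"
    else
        echo "ok"
    fi
}

# Live run only when a target is supplied: TARGET=<host> WAN_MTU=1500 sh pmtu.sh
if [ -n "${TARGET:-}" ]; then
    pmtu=$(find_path_mtu ping_probe) || { echo "no reply at minimum size"; exit 1; }
    echo "path MTU: $pmtu; $(classify_mtu "${WAN_MTU:-1500}" "$pmtu")"
fi
```

A result of 1492 with the WAN interface at 1500 points to 8 bytes of encapsulation somewhere upstream, which is the PPPoE case described in #2. A failure at the minimum size means echo traffic is blocked on the path, not that the MTU is small.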
