Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

Firewalla is affecting speed of one of ISP in dual Wan setup.

Follow
Avatar
Lestrod Gould
  • Edited

Hi All,

Has anyone seen this issue before?

I have Firewalla Gold and recently setup Dual WAN (both ISP are providing 1G) and have been troubleshooting this issue for several days now and I have determine that the issue is with Firewalla.
See diagram for simple overview of network setup.

Here is what I am experiencing and have tested.

1. Traffic from PC to Firewalla using fire.walla:8833/ss/ to test LAN traffic I consistently get 1Gig or more.
2. Traffic from PC to ISP2 using speedtest.net I consistently get 940Mbs or more.
3. Traffic from PC to ISP1 using speedtest.net I can only get 540Mbits or lower.
4. Testing traffic from Firewalla using speedtest to ISP2 interface I consistently get 1Gig or more.
5. Testing traffic from Firewalla using speedtest to ISP1 interface I consistently get 1Gig or more.

ISP2 is primary WAN and I am routing traffic for PC to ISP1.
Firewalla interfaces connecting to ISPs devices are 2.5G on both ends and the LAG from switch to firewall is 2x10G. LAN bandwidth is not the issue the cabling is not the issue.

I am guessing here but it seems that Firewalla is having issue PBR routing/switching traffic to ISP1 when the traffic comes from LAG interface to ISP1 but not ISP2. 

1

Comments

9 comments

Sort by Date Votes
  • Avatar
    Matt

    I have this exact issue, did you ever solve the problem?

    0
    Comment actions Permalink
  • Avatar
    Firewalla Team

    Are you using Smart Queue or IPv6? Try to turn it off.

    If ISP1 is PPPoE, try our new image with PPPoE enhancement. https://help.firewalla.com/hc/en-us/articles/360048626153-Firewalla-Gold-and-Gold-Plus-How-to-Flash-Installer-Image

    0
    Comment actions Permalink
  • Avatar
    Matt
    • Edited

    Smart Queue and IPv6 are disabled.

    ISP1 = DHCP / ISP2 = PPPoE

    I've performed the same tests as Lestrod and have the same results. 

    The key being;
    - Cli speedtest from the Firewalla on ISP2 = full speed. 
    - Client using specific route to ISP2, test with fire.walla:8833/ss/ = full speed
    - Client cli speedtest (to the same server as the firewalla) = half speed.

    I have no client issues with ISP1 only ISP2 which is set to failover.  I'm using a Firewalla Gold Plus, should I still apply the PPPoE patch?

    0
    Comment actions Permalink
  • Avatar
    Firewalla
    • Edited

    If your ISP1 is slowing down and ISP2 is not, then likely you may need to flash the image with a newer one. The optimization may improve PPPoE a bit. (But, in general, The Gold Plus should be able to get to 1Gbit PPPoE without the new patch, it is pretty rare to have it need the new image for anything less than 1.1 or 1.2 Gbit).  You may be hitting this rare case

    0
    Comment actions Permalink
  • Avatar
    Matt

    Ok thank you for the feedback.
    I do find it strange that the slowdown on ISP2 not occurring from the firewalla direct and only the client.
    I have a 2nd FWG so I will test on that unit.

    0
    Comment actions Permalink
  • Avatar
    Matt

    Looks like the problem has been fixed with a reboot of the Firewalla, I should have tried that first :)

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Strange for sure. Shouldn't make much difference. Can you check if the speed test server is still the same one?

    0
    Comment actions Permalink
  • Avatar
    Matt

    Yes I'm calling the cli script using a specific server each time. I haven't rebooted for around 6 months.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    If your test ever slow down, please let us know. Our goal is not have you reboot the unit, if you have to do something ... it is our bug

    1
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post