Firewalla blue throughput
I have the Firewalla blue installed, and love the information about my network that it provides. My question revolves around the throughput of devices from the overlay network to the WAN. I have a 200 mb cable plan. I test around 230mb/sec from my "normal" subnet, but only around 130mb/sec from devices on the overlay network. (blue)
Questions I have around that are:
Is there some performance tuning that I can look at for my Firewalla?
Is 130mb/sec a hard cap?
Is 130mb/sec an acceptable ratio of my WAN speed, and if I increase the WAN speed the firewalla throughput will increase accordingly?
Any insight would be appreciated.
It is a Synology 2600. DHCP service is turned off on the Synology. Firewalla patched directly into one of the Synology ports. Test with "main" subnet and the router as the default gateway yields 230mb/sec. Test with overlay subnet and Firewalla as the default gateway yields 130mb/sec.
It looks like something is doing rate limit, double-check the Synology and see if you have anything that may be doing QoS? Or do you have any network elements near the Synology?
The Synology 2600 is one of our favorite routers for DHCP mode. Feel free to create a case email@example.com, our engineers can help you directly.
Thank You. I opened a case. Also, I performed a speedtest to the WAN from a shell on the Firewalla box. The results were 230mb/sec just like any other device from the Synology subnet. The slower speeds (130mb/sec) seem to be anything using Firewalla as their default gateway. This makes me think that it is isolated to traffic that Firewalla is inspecting.
Did some reading up on Bro, and it appears not to be multi-threaded. That is somewhat concerning considering that when the speedtest is hitting 130Mbps, Bro is pegging a CPU.
With that said, support ( Melvin ) has been running some tests and is gathering information. I have also given him access to a Linux server that uses Blue as its default gateway to run additional tests.
Support resolved the issue I was having.
After doing some testing, support had this theory: "We suspect if the LAN bridge on the router may share upload/download bandwidth within multiple ports."
I moved all patches from the Synology over to an 8-port gigabit switch, and then patched the switch into one of the Synology LAN ports. With the network switching offloaded from the router to the switch, the speedtests through Firewalla Blue to the WAN was able to max my internet service.
Thank You guys for the amazing support.
Last month I did signup for the Indiegogo Gold campaign. I look forward to using Gold as the main firewall/router, and moving the Synlology to a role of wireless access point.
Please sign in to leave a comment.