Firewalla Blue - Speed Reduction
My Inet is 400/400 but I really get 500/525. Devices monitored by Blue get that speed cut in half around 250. The physical port to the Blue is correct at 1gig speed. I've tried simple mode, DHCP mode, and pointing my PC's gateway to the Blue's IP. All of the modes work, but I see the slowness if I have the device monitored in Blue. I've tried disabling all of the individual services one at a time, but no change. When I unmonitor the device in Blue, the speeds go back up to around 450/450.
Even when pointing my PC to Blue as its default gateway, it still has good throughput if it's not monitored in Blue. I made sure it's still going to Blue for the default route as the MAC address is the Blue's in my ARP table on my PC.
I've just recently subscribed to the box beta version and the app beta version. No change.
-
How are you connecting Firewalla Blue to your network? And what router do you have?
Here are more things to check https://help.firewalla.com/hc/en-us/articles/360000555074-Troubleshooting-When-Running-Firewalla-#h_1da67d9a-a7f9-42a5-810a-abfc9bc288b3
-
Jim, if you end up finding a solution for this, I'd love to know about it. I encountered similar performance issues and even had Melvin remotely log into my Firewalla Blue and run a variety of tests. Never did resolve it and still haven't had time to try a fresh Firewalla Blue install to see the performance out of the box (it's especially hard these days since we are all work from home and depend on the Internet being up...)
-
I have a Ubiquiti USG FW/Router. From my first statement, I've tried DHCP mode and simple mode. I've also tried configuring one of my devices to use the Firewalla's IP address as its default gateway. No matter which method I used, it gave the same results as long as that device was monitored in Firewalla. I also shut off all services that I could in Firewalla. Once I hit the checkbox to monitor the device the throughput cuts in half. I disable the monitoring and it goes right back to normal.
Firewalla Blue is rated >500 Mbps, but is that total bandwidth across all devices monitored? Is there a per-session/per-device throughput spec for it? From my experience, it just seems that when monitored the traffic has to go through the inspection engines, which have processing overhead. However, when not monitored by Firewalla I can pull down close to 500 Mbps. When monitored by Firewalla it's always around 250 Mbps. It doesn't stagger or fluctuate, it's always 250 Mbps.
FYI. I've used the same speedtest from all my devices connected to the same switchport on my network so there was likeness there for the tests.
250 Mbps is largely enough for most services, however I do have some work instances where I need to pull down large files so getting my full throughput is very beneficial.
Is there anything I can check on the firewalla box itself, or any testing I can do from the box itself?
-
@Michael Chu I'm a network engineer by trade and so far I can't find anything other than the traffic being inspected as the cause of the lower bandwidth. I currently have firewalla out of the network as I was seeing other 'wonkiness' as well.
I wish there were more statistics on what's actually going on with the services and what they are blocking. I find it a bit difficult to see if something was just blocked, how it was blocked, or allowed, etc.
-
We do have lots of users on the USG. A couple of places to check:
1. Double-check your QoS settings on the USG. Make sure it is not limiting the port where Firewalla is connected. When Firewalla is active, all the ingress/egress traffic will need to loop through the Firewalla.
2. Check how you are connecting the Firewalla. Firewalla operates better when it is closer to the router.
3. Today Firewalla only has block, there is no allow. But our engineers are working on a better and more visible way to show the rules.
4. Try testing with a wired connection if you can; this eliminates noise from the Wi-Fi side.
-
Was this ever resolved? I'm designing a new system for a 3000sqft 2 story house and am considering Ubiquiti but would like to add a Firewalla Blue or Gold to the setup because of the advertised simplicity of adding a VPN such as Nord. The connection will be Optimum Business at an advertised 500 down. I'd like to support what Firewalla is doing but I'm concerned about some of the things I'm reading here. Thank you.
-
For me it wasn't ever really resolved, but I feel like something might have at least gotten a little better with one of the updates but I am still able to get closer to my 400-500Mbps when I bypass my Blue. So, I have certain systems (like my own cell phone, etc.) that I know I don't plan to block outgoing traffic and just put them on Emergency Access and it gets closer (but not quite there).
If I were buying today, I'd probably just pony up for the Gold to have the headroom. But, alas, it wasn't available when I was first getting into it.