Hi All,
We have migrated to v18, and I have only just come to try out the SD-WAN policy routing.
We have 2 WAN links for internet access: A high speed leased line 500mbps via BT (call it BTNET) and a slower WAN link 50mbps via Virgin Media (call it VIRGIN)
My domain user is member of an AD security group used for firewall auth and we use STAS to authenticate. There is a firewall rule matching on this AD group to allow LAN-WAN Traffic (All Services allowed, and web/app filtering turned off for testing)
The original firewall rule from v17 was migrated when upgraded and the gateway was specified as the high speed link (BTNET).
I though I would test out SD-WAN routing and I deleted this migrated sd-wan rule linked to the original firewall rule and I setup a new SD-WAN rule as Local Subnet range from LAN interface to ANY and matching on group (AD group as used in fw rule - See screenshot below). I then set the Primary Gateway to "BTNET" and the Backup Gateway to "None" and override gateway monitoring selected.
All good at this point, Internet access working from my laptop over high speed link. Performed a speed test via speettest.net and indeed 400-500mbps download/upload.
Now the following is where I don't understand things........
So I thought I would now switch the Primary Gateway in this same sd-wan policy to the "VIRGIN" wan link which is clearly much slower. After doing this, I ran the speed test again using the same site as before and was surprised to see a download speed of 150-300mbps, when the line supports only 50mbps. However the upload speed was as expected at ~20mbps (so this had clearly altered things). I have ran the test repeatedly and waited sometime before retrying, and the results are consistent.
I took a wireshark capture and managed to find the ip address of the speedtest test server and under diagnostics\connection list on the XG managed to find the connection to the test server by filtering on the destination ip of the test server and the gateway reported in this list was indeed the "VIRGIN" as per the screenshot below. I did notice that using this connection filter would only return results if I filtered on the dest ip address immediately after running the test, if I delayed slightly no results are returned! (Thats another query)
So I would like to know how I can be obtaining these reported download speeds via speedtest website (used different ones) which makes me think I am directed via the high speed WAN link, when actually the primary gw is the slower 50mbps wan link. It makes no sense. But as I said the upload speed did correspond, as does the connection list when I look at the gw column for visited websites. Also general browsing does feel slower as expected with the slower gw selected. I would just like to find an explanation for the impossible download speed??
Any thoughts on this??
This thread was automatically locked due to age.
