Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 24 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 5634 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SFOS 18.0.3 MR-3 - DPI performance

twister5800

Hi,

I have tested a while with DPI engine, but I am a little lost with the perforamance tuning.

With everything off I get 420Mbit

When I enable DPI SSL/TLS inspection with decrypt, IPS Policy LAN TO WAN I can only get 170MBit through.

I have enabled:

console> system firewall-acceleration enable
Firewall Acceleration Enabled Successfully.
console> system firewall-acceleration show
Firewall Acceleration is Enabled.

Any hints on what I made wrong? :-)



This thread was automatically locked due to age.

Top Replies

  • in reply to twister5800 +2
    Unknown said:
    I have not uploaded Appliance cert info firefox.

    Firefox doesn't use your system CA store, It has It's own; Since you didn't upload the certificate into Firefox and didn't got any warnings while browsing, It means It is using the Web Proxy without HTTPS Decrypt - hence if It has using DPI and you have the TLS Inspection rules in place, Firefox would give a warning saying that the firewall certificate is not trust-able.

    Unknown said:

    Edge In-private 176Mbit

    Firefox Private 413Mbit (Ful speed of ISP)

    It's hard to measure firewall throughput through HTTP speed-tests. But It shouldn't be that slow for the SG 210 Rev. 3.

    Also, can you take a picture of the CPU usage with "top -d 1" command on the shell while doing a speed test ?

    Jump to answer
Parents
  • 0

    Our 1Gb connection was installed yesterday so I've been doing some crude speed tests.

    With relation to your issue and your observations so far, I have found Firefox to consistently achieve better download speeds but the difference was dramatically different depending on the speed test site.

    Speedtest.net: Firefox 800 Mbps, Chrome and the new Edge 615Mbps
    xn--bredbnd-ixa.dk/hastighedstest: Firefox 880 Mbps, Chrome and the new Edge 190Mbps

    The issue you are having seems to be more with the testing site you are using than enabling SSL/TLS. It would be interesting to ask them why such a massive difference but I don't speak Danish!

    I actually found a really strange issue. When I disabled SSL/TLS inspection my speeds went from 800 Mbps to 200 Mbps! I'm going to start a new post for this as it has nothing to do with your issue.

Reply
  • 0

    Our 1Gb connection was installed yesterday so I've been doing some crude speed tests.

    With relation to your issue and your observations so far, I have found Firefox to consistently achieve better download speeds but the difference was dramatically different depending on the speed test site.

    Speedtest.net: Firefox 800 Mbps, Chrome and the new Edge 615Mbps
    xn--bredbnd-ixa.dk/hastighedstest: Firefox 880 Mbps, Chrome and the new Edge 190Mbps

    The issue you are having seems to be more with the testing site you are using than enabling SSL/TLS. It would be interesting to ask them why such a massive difference but I don't speak Danish!

    I actually found a really strange issue. When I disabled SSL/TLS inspection my speeds went from 800 Mbps to 200 Mbps! I'm going to start a new post for this as it has nothing to do with your issue.

Children