Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 5 subscribers
  • Views 3747 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM9 Performance (Bandwidth)

adamgoldberg

I have just migrated from a Dell T105/UTM8 (2.3ghz Althlon 64x2) to a SuperMicro SYS-5015A-EHF-D525/UTM9 (Atom D525 1.8ghz, quad core), and have FiOS 150/150mbps service.

On the old system, I was able to "speedtest" at 80-90bps consistently (and higher than that consistently upload).  On the new system, I'm seeing a pretty hard limit at around 25mbps down, 40mbps up.

If is SSH into the UTM9, I can wget a 100MB file across the internet at 18.1MB/s (~144Mbps).  If I transfer the same file from a client computer, I get about 3MB/s (~24Mbps).  If I do two clients at the same time fetching the same file, the sum of the two data rates is about 4MB/s (~32Mbps).  When this is happening, I see a CPU usage of about 50% on the fw machine.

Is there any tuning I can do?  The hardware and network are clearly capable of doing ~144Mbps, but nowhere near that is passing through the fw to clients.  I think I can do better with this hardware -- i've seen pfsense benchmarks using this hardware that is capable of doing as high as 400-500Mbps.

Help?



This thread was automatically locked due to age.
  • 0

    adamgoldberg said:

    I have just migrated from a Dell T105/UTM8 (2.3ghz Althlon 64x2) to a SuperMicro SYS-5015A-EHF-D525/UTM9 (Atom D525 1.8ghz, quad core), and have FiOS 150/150mbps service.

    That there might be your exact troubles.  You are going to an Atom processor, which will work for an average home user will be your bottle neck.  I had an Atom at one point and while it did the job, I happily changed out to an i3-processor that made a WORLD of difference.

    What services do you have turned on?  IPS?  Firewall?  What you have enabled along with that Atom will affect your speeds.


    Also - comparing pfsense to UTM is apples to oranges really.  You have a commercial grade product here that offers more, thus, will be different than what pfsense does and how it acts with hardware.


    You can look through William's numerous posts about hardware, and more specifically Atom processors with UTM usage.

  • 0 in reply to Amodin
    With IPS on, I got 28/45, with IPS off, I got 136/160.

    Dang. Dang. Dang. Seems like even though I was happy with the T105, even that was underpowered.

    I was looking at the Sophos UTM9 sizing guideline, and my traffic is within the UTM100 v5 "class" (spec'd for 100/250 avg/max mbps bandwidth), so I figured matching that CPU would be the right thing.... and that puts me at an 1.6GHz Atom (see sizing guideline pg3). Now, looking at it again, page 4 gives some "power user" guidelines, and I guess I should've gone up at least one (maybe two) steps ... to a Celeron Dual Core 2.2GHz or a Core 2 Duo 2.8GHz. Dang.

    Sigh. Well, I guess I'll leave IPS off for performance and recommission this Atom as a PBX eventually.
  • 0
    The issue is your atom, too slow to use with IPS enabled. Very simple to quote William, you need megahertz, many of them, not cores. Over 3ghz for the sort of performance you are looking for.
    Please search the old Astaro forums for posts by William, he has done a great deal of work on this subject.

    I seem to be repeating another post in this thread. 2.2ghz might not be enough?

    Ian
  • 0
    Hi,

    I've also have to say that Atom D525 1.8ghz is not quad core, it only has 2 cores although is not making any difference for the limitation in this case.