This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Astaro 525 Performance

Hello,

I am using an Astaro 525 firewall as a border firewall on a project. We are doing offsite backups through this firewall and have run into performance issues. Through a series of iperf tests between various network devices we have found that tests from a system outside the Astaro firewall to the remote site we get near gigabit speed in a single thread, and inside the firewall we get the same. I then plugged servers into two different ports on the Astaro to eliminate any other devices and just have the Astaro in between. I got about 200 Mbits in a single thread, 600Mbits with parallel threads. When I check the systems resources we barely use any memory, or CPU of the device. I do not have any QoS turned on on the device either. We do run an site to site ipsec VPN on separate interfaces but this connection does not go over that, and againw e barely use any of the resources of the device. Is there any settings that I may have missed or network settings that can be tweaked for performance gain?

This thread was automatically locked due to age.

0 BarryG over 12 years ago

Hi,

The IPS and the Application Detection / Traffic Classifier can both use a lot of CPU.

The IPS can normally process one network stream per CPU, so you may not be noticing the high single-threaded CPU usage. You should be able to see it better in 'top' if you press '1' to show all the CPUs.

Anyways, as a test, try disabling the IPS and Application Detection / Traffic Classifier and PortScan/Flood prevention and see if there's a performance improvement.

If it helps, try tuning the IPS settings (remove unneeded rule groups, define your SMTP, WEB, SQL servers, etc.)

Also see https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/21312

Barry
Cancel
Vote Up 0 Vote Down

Cancel