Sonicwall routing speed

Question

Sonicwall NSA 220 routing performance is less than I expected. It is just doing routing - no content filtering (the system is out of support).

My test setup: two laptops, each with 1 gig NICs. The first is plugged into X0 and the second is plugged into X2. X2 is in the LAN zone but on a different subnet.

When copying a 4 gb file between laptops I get about 14 MB/s or 112 megabits / sec, according to the Windows file transfer dialog box.

If I plug both laptops into an unmanaged switch and set IP address to the same subnet I get about 90 MB/s or 720 megabits / sec when copying the same file.

The NSA 220 spec says it should have a statefull inspection throughput of 600 mb/s so why do I get only 112 mb/s with no content inspection? I could imagine that Sonicwall exaggerates a bit, but not by 5x?

What am I missing?

Answer 1

After speaking with Sonicwall support I've found that fw 5.9 added a LOT of overhead. Moral of the story is to buy a faster firewall than you expect to need since future security updates will slow it down.

Answer 2

You may need to make a group, put the ip of the machines in a group, go through every item in the security services (GAV, IPS, etc) and add that group to the Exclusion lists. Try to copy file again.

Answer 3

Be sure to have all services disabled on all interfaces : Antivirus, IPS, etc. Check the link duplex and speed (force them to be sure).