Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (2023)

Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (1) 10/05/2022 Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (2) 8,043 People found this article helpfulTroubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (3) 232,302 Views

Description

This article gives a list of possible reasons causing throughput and performance issues in the SonicWall UTM appliance.

Each SonicWall UTM appliance series has different performance capabilities depending upon hardware specifications such as the CPU, the RAM or the Flash memory. It is recommended to check the particular device's capabilities before deciding that the performance related issues with the device is due to other factors.

You can find the information for your device on our Products Page.

Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (4) CAUTION: Please keep in mind that Speed testing sites are not an accurate depiction of network throughput. There are many factors that impact throughput before packets egress the SonicWall and make the return trip to the host that's performing the speed test. We strongly recommend examining your network as a whole when troubleshooting any throughput issues.

Resolution

Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (5) NOTE: Please perform the following steps in the order they're presented and test the throughput after each change.

Resolution for SonicOS 7.X

This release includes significantuser interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

Maximum Transmission Unit (MTU) of the WAN interface of the SonicWall

  1. Click on Network on the top Navigation Menu.
  2. Click System | Interfaces and Configure the WAN interface in question.The Maximum Transmission Unit size is the maximum size of an Ethernet frame being sent out through a network device. By default, this value is 1500 bytes but on xDSL and cable connections this value is often lowered to achieve a more stable connection and/or better performance. Common values are:1492 SDSL / 1460 ADSL / 1404 Cable. The MTU value is changed in increments of8 bytes. In the SonicWall WAN interface, this value is by default1500 bytes.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (6)


    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (7) TIP:Change the MTU size after determining the optimum MTU size in order to prevent unnecessary fragmentation. Refer to the following article to determine the optimum MTU value: How can I determine the MTU size of WAN interfaces to optimize throughput? | SonicWall

Fragment non-VPN outbound packets larger than this Interface's MTU

  1. Click on Network on the top Navigation Menu.
  2. Click on System | Interfaces and Configure the WAN interface in question. This checkbox setting works in tandem with MTU and is enabled by default. Having this option enabled is a Best Practice and will help ensure the SonicWall isn't forwarding packets with a larger MTU than can be used on the Interface.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (8)

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (9) TIP:Enable this option under Network | System | Interfaces | WAN Interfaces | Advanced Tab

Ignore Don't Fragment (DF) Bit

  1. Click on Network on the top Navigation Menu.
  2. Click on System | Interfaces and Configure the WAN interface in question.
  3. Enabling this option would fragment packets even though the Don't Fragment bit is set. By default, this option is unchecked in the WAN interface advanced settings and it is recommended to keep it unchecked.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (10)

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (11) TIP:Enable this option under Network | System | Interfaces | WAN Interfaces | Advanced Tab

Link Speed settings of the WAN and other Interfaces

  1. Click on Network on the top Navigation Menu.
  2. Click on System | Interfaces and Configure the WAN interface in question.
  3. By default, all Interfaces on the SonicWall are set to automatically detect link speed. However, in certain deployments, the link speed settings should be manually set according to the device connected to the Interface. Please contact your ISP or device manufacturer of the device connected to the WAN Interface to find their best Duplex and Link Speed settings. Incorrect duplex settings of your WAN, for instance, would have the following harmful effects.

Bandwidth Management

Make sure the Bandwidth Management is disabled on the LAN and WAN interfaces and on the access rules.

  1. To disable Bandwidth Management on the Interface, Click on Network | System | Interfaces (Edit LAN and WAN) | Advanced Tab.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (14)
  2. To disable Bandwidth Management on the Access Rules. Click on Policy | Rules and Policies | Access Rules | Configure access rule from LAN to WAN |Trafficshaping, make sure Bandwidth management is disabled.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (15)

Enable Fragmented Packet Handling in VPN Advanced Settings

  1. Click on Network on the top Navigation Menu.
  2. Navigate to IPsec VPN | Advanced.
  3. Enabling fragmentation (Enable Fragmented Packet Handling) would help SonicWall handle fragmented IPsec packets. This can affect SonicWall's WAN throughput if any VPN policies are configured and enabled, even if they aren't established.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (16)

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (17) TIP:It is recommended to enable this option and leave the Ignore DF Bit option unchecked under IPsec | Advanced on the SonicWall GUI.

Allow Fragmented Packets in Access Rules

  1. Click on Policy in the top Navigation menu.
  2. Navigate to Rules and Policies | Access rules and configure the desired access rule.
  3. This option is enabled by default and the best practice would be to keep it enabled.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (18)

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (19) TIP:Make sure that all Access Rules under Rules and Policies | Access Rules have the Allow Fragmented Packets Checkbox Enabled.

Check the Connections Monitor to determine whether hosts on the network are using a large number of connections

  1. Click on Monitor in the top Navigation menu.
  2. Navigate to Tools and Monitors | Connections.
  3. If a host in the network is infected with malware it will often open, at random, hundreds or thousands of connections to the Internet or internal resources.
    The Connections displays real-time views of all connections to and through the SonicWall security appliance allowing you to find infected hosts and remove them from the network.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (20) TIP:Isolate the affected host and remove it from the network.

Set Name Resolution to None

  1. Click Device on the Top Navigation menu.
  2. Navigate to Log | Name Resolution. High traffic networks will result in high amounts of DNS queries for the SonicWall as it attempts to generate log entries. By default, the SonicWall will populate the DNS Address for log entries resulting fromSecurity Services, firewallAccess Rules, and the like.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (21)

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (22) TIP:Change Name Resolution underDevice | Log | Name ResolutiontoNone.

Performance Optimized Security Services

  1. Click Policy on the Top Navigation menu.
  2. Navigate to Security Services | Summary.
  3. For throughput Best Practices we recommend disablingEnhanced Security. This will inspect and block packets who matchSignaturesmatchingMediumorHigh PriorityThreatprobability. BlockingLow Threat Probabilitytraffic will unnecessarilydroppackets such asICMPand is not recommended for most deployments.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (23)

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (24) TIP:AlsoDisable Low Priority AttacksunderPrevent Allfor both Intrusion Prevention and Anti-Spyware.

Path Ping to a Remote Network

To help rule out or prove an issue with a device or network above the SonicWall you can usePath Ping. This command line utility will bothPingand track thelatencyon the route to a target destination, providing you feedback on if a particular hop is latent, packets are being incorrectly routed, etc.

Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (25) TIP:Perform a Path Ping to the network or IP Address that you're testing to.

https://technet.microsoft.com/en-us/library/bb490964.aspx

Physical Network

  1. If the above troubleshooting fails to yield an increase in throughput, it is often necessary to try removing the SonicWall from the physical network and retest the speeds. Increases in throughput when removing the SonicWall from the physical network are expected but it is important to have information on speeds with and without the SonicWall in place for further troubleshooting. It can also be beneficial to directly connect a host to the ISP handoff device and test for a throughput issue on the ISP side.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (26) NOTE: If speed tests show higher speeds with a host directly connected to the ISP modem/handoff device, check if the host is getting a private IP (DHCP). If the host is assigned with a private IP (DHCP) from the ISP modem, configure the WAN interface in DHCP mode instead of Static IP and test the speeds.
  2. Furthermore, we recommend doing an iPerf Test on the SonicWall to test for physical issues on the SonicWall's Interfaces. This requires that the SonicWall be taken out of thenetwork line temporarily in order to avoid involving other network devices that could alter the results.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (27) TIP:Remove the SonicWall from the physical network after getting a baseline of the network throughput. Test the throughput using the same tools and note the difference. While the SonicWall is out of the network, perform an iPerf Test:How to use iPerf to measure throughput on a SonicWall device? | SonicWall

Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (28) NOTE: Please perform the following steps in the order they're presented and test the throughput after each change.

Resolution for SonicOS 6.5

This release includes significantuser interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.


Maximum Transmission Unit (MTU) of the WAN interface of the SonicWall

  1. Click Manage in the top navigation menu.
  2. Click Network | Interfaces and opening the Interface in question.

    The Maximum Transmission Unit size is the maximum size of an Ethernet frame being sent out through a network device. By default this value is 1500 bytes but on xDSL and cable connections this value is often lowered to achieve a more stable connection and/or better performance. Common values are: 1492 SDSL / 1460 ADSL / 1404 Cable. The MTU value is changed in increments of 8 bytes. In the SonicWall WAN interface this value is by default 1500 bytes.
    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (29)

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (30) TIP: Change the MTU size after determining the optimum MTU size in order to prevent unnecessary fragmentation. Refer the following article to determine the optimum MTU value: Determining the MTU Value for Your Internet Connection.


Fragment non-VPN outbound packets larger than this Interface's MTU

  1. Click Manage in the top navigation menu.
  2. Click Network | Interfacesand opening the Interface in question.This checkbox setting works in tandem with MTU, and is enabled by default. Having this option enabled is a Best Practice and will help ensure the SonicWall isn't forwarding packets with a larger MTU than can be used on the Interface.
    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (31)

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (32) TIP: Enable this option underNetwork | Interfaces| WAN Interface | Advanced Tab.

Ignore Don't Fragment (DF) Bit

  1. Click Manage in the top navigation menu.
  2. Navigate toNetwork | Interfacesand opening the Interface in question.
  3. Enabling this option would fragment packets even though the Don't Fragment bit is set. By default this option is unchecked in the WAN interface advanced settings and it is recommended to keep it unchecked.
    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (33)

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (34) TIP: Disable this option underNetwork | Interfaces| WAN Interface | Advanced Tab.


Link Speed settings of the WAN and other Interfaces

  1. Click Manage in the top navigation menu.
  2. Click Network | Interfacesand opening the Interface in question.
  3. By default all Interfaces on the SonicWall are set to automatically detect link speed. However, in certain deployments, the link speed settings should be manually set according to the device connected to the Interface. Please contact your ISP or device manufacturer of the device connected to the WAN Interface to find their best Duplex and Link Speed settings. Incorrect duplex settings of your WAN, for instance, would have the following harmful effects.
  • Unable to negotiate a connection with the ISP
  • An Inconsistent Internet connection
  • Dropped Packets
  • Slow Throughput
    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (35)

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (36) TIP: Check with the manufacturer for all devices directly connected to a SonicWall Interface and make sure the Duplex and Link Speed Settings are optimally set. Change the relevant settings underNetwork | Interfaces| WAN Interface | Advanced Tab.

Bandwidth Management

  1. Click Manage in the top navigation menu.
  2. Navigate to Firewall Settings | Bandwidth Management.
  3. You can apply bandwidth management to both outbound and inbound traffic on the Interfaces associated with the WAN Zone. Enabling it entails entering the bandwidth values (in Kbps) available for the Interface. Bandwidth management will cause throughput degradation if incorrectly configured.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (37) EXAMPLE: If Bandwidth Management has been enabled on an Interface without specifying the bandwidth values, inbound and outbound traffic traversing that link will be throttled to the default values (384Kbps).
    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (38)

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (39) TIP: Disable Bandwidth Management if not required viaFirewall Settings | Bandwidth Managementon the SonicWall GUI.

Enable Fragmented Packet Handling in VPN Advanced Settings

  1. Click Manage in the top navigation menu.
  2. Navigate toVPN | Advanced Settings.
  3. enabling fragmentation would help SonicWall handle fragmented IPsec packets. This can affect the SonicWall's WAN throughput if any VPN policies are configured and Enabled, even if they aren't established.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (40)

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (41) TIP: It is recommended to enable this option and leave the Ignore DF Bit option unchecked underVPN | Advanced Settingson the SonicWall GUI.

Allow Fragmented Packets in Access Rules

  1. Click Manage in the top navigation menu.
  2. Navigate toRules | Access Rules and configuring the desired access rule.
  3. This option is Enabled by default and the best practice would be to keep it enabled.
    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (42)

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (43) TIP: Make sure that all Access Rules underRules | Access Ruleshave the Allow Fragmented Packets Checkbox Enabled.

Check the Connections Monitor to determine whether hosts on the network are using large number of connections

  1. Click Investigate in the top navigation menu.
  2. Click Connections Logs.
  3. If a host in the network is infected with malware it will often open, at random, hundreds or thousands of connections to the Internet or internal resources. The Connections Monitor displays real-time views of all connections to and through the SonicWall security appliance allowing you to find infected hosts and remove them from the network.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (44) TIP:Isolate the affected host and remove it from the network. The Connection Monitor is available underInvestigatein the top navigation menu| Connection Logs.


Set Name Resolution to None

  1. Click Manage in the top navigation menu.
  2. Navigate toLog Settings | Name Resolution.High traffic networks will result in high amounts of DNS queries for the SonicWall as it attempts to generate log entries. By default, the SonicWall will populate the DNS Address for log entries resulting from Security Services, firewall Access Rules, and the like.
    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (45)

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (46) TIP: Change Name Resolution underLog Settings | Name ResolutiontoNone.


Performance Optimized Security Services

  1. Click Manage in the top navigation menu.
  2. Navigate toSecurity Services | Base Setup.
  3. For throughput Best Practices we recommend setting the Security Services Settings to Performance Optimized. This will inspect and block packets who match Signatures matching Medium or High Priority Threat probability. Blocking Low Threat Probability traffic will unnecessarily drop packets such as ICMP and is not recommended for most deployments.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (47) TIP: Change Security Services Settings underSecurity Services | Base SetuptoPerformance Optimized.AlsoDisable Low Priority AttacksunderPrevent Allfor both Intrusion Prevention and Anti-Spyware.

Path Ping to a Remote Network

  1. To help rule out or prove an issue with a device or network above the SonicWall you can use Path Ping. This command line utility will both Ping and track the latency on the route to a target destination, providing you feedback on if a particular hop is latent, packets are being incorrectly routed, etc.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (48) TIP: Perform a Path Ping to the network or IP Address that you're testing to.You can find out more about Path Ping by reading the linked Microsoft Technet Article.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (49)

Physical Network

  1. If the above troubleshooting fails to yield an increase in throughput, it is often necessary to try removing the SonicWall from the physical network and retest the speeds. Increases in throughput when removing the SonicWall from the physical network are expected but it is important to have information on speeds with and without the SonicWall in place for further troubleshooting. It can also be beneficial to directly connect a host to the ISP handoff device and test for a throughput issue on the ISP side.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (50) NOTE: If speed tests show higher speeds with a host directly connected to the ISP modem/handoff device, check if the host is getting a private IP (DHCP). If the host is assigned with a private IP (DHCP) from the ISP modem, configure the WAN interface in DHCP mode instead of Static IP and test the speeds.

  2. Furthermore, we recommend doing an iPerf Test on the SonicWall to test for physical issues on the SonicWall's Interfaces. This requires that the SonicWall be taken out of the network line temporarily in order to avoid involving other network devices that could alter the results.

    Troubleshooting Network throughput, Latency, and Bandwidth Issues with a SonicWall UTM | SonicWall (51) TIP: Remove the SonicWall from the physical network after getting a baseline of the network throughput. Test the throughput using the same tools and note the difference. While the SonicWall is out of the network, perform an iPerf Test:How to Use iPerf to Measure Throughput on a SonicWall.

Related Articles

  • How can I enable or disable SonicWall firewall management access?
  • How can I configure Isolated Zone
  • Authetication types available for Access Points on GEN 6 firewall

Categories

  • Firewalls > NSa Series > Networking
  • Firewalls > NSv Series > Networking
  • Firewalls > TZ Series > Networking

Not Finding Your Answers?

ASK THE COMMUNITY

Top Articles
Latest Posts
Article information

Author: Terence Hammes MD

Last Updated: 03/04/2023

Views: 5481

Rating: 4.9 / 5 (69 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Terence Hammes MD

Birthday: 1992-04-11

Address: Suite 408 9446 Mercy Mews, West Roxie, CT 04904

Phone: +50312511349175

Job: Product Consulting Liaison

Hobby: Jogging, Motor sports, Nordic skating, Jigsaw puzzles, Bird watching, Nordic skating, Sculpting

Introduction: My name is Terence Hammes MD, I am a inexpensive, energetic, jolly, faithful, cheerful, proud, rich person who loves writing and wants to share my knowledge and understanding with you.