UTM USG60

ezekiel74
ezekiel74 Posts: 11  Freshman Member
Friend Collector First Comment
edited April 2021 in Security
Hi all,
I'm performing some throughput test on my new USG60, and I have activated UTM license.

A speedtest connected directly to modem give me around 750/280 Mbps (up/down), meanwhile performing the same speedtest on my USG 60 give me 265/221 Mbps (up/down), no rules are using UTM services.

Is it possible to stop UTM service to test the throughput? from datasheet the throughput must be gigabit.

Best Regards
eze

All Replies

  • Alfonso
    Alfonso Posts: 257  Master Member
    First Anniversary Friend Collector First Answer First Comment
    Hi all

    RFC2544 is the Benchmarking Methodology for Network Interconnect Devices.

    Most vendors use it to do the System & Capacity Performance.

    It recommends doing the tests with different frame sizes, for example, f
    rame sizes to be used on Ethernet: 64, 128, 256, 512, 1024, 1280, 1518. 

    As far as I know, Zyxel only publishes one result: 
    Maximum throughput based on RFC 2544 (1,518-byte UDP packets). https://www.zyxel.com/products_services/Unified-Security-Gateway-USG40-40W-60-60W/comparison#specifications

    Some vendors are more clear, and they publish more details about the benchmark.

    Although from the datasheet, the theoretical best throughput is 1 gigabit, the real throughput could be much lower (depends on your traffic characteristic).

    My experience shows me that you can feel lucky if you get 50% of the throughput of any vendor datasheet.

    I hope you can tune the device to get bigger throughput.

    Regards
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @ezekiel74,

     

    In our lab test with 1G connection, the Speed Test result for USG60 with firmware4.32 is as follows.

    Ethernet Throughput (With Firewall Routing, NAT and ADP enabled)

    http(download)    671.96 Mbps

    http(upload)         455.33 Mbps

     

    If UTM licenses are activated, UTM profiles are created but not applied to security policy rule, the throughput is not affected by UTM services.

    I run several tests with different conditions and the download/upload speed on SpeedTest is around 250Mbps/100Mbps.

    ISP: 300Mbps/100Mbps

    1. ISP-----PC

    2. ISP---(WAN)USG60(LAN)---PC; default settings with UTM license activated, firewall is disabled.

    3. ISP---(WAN)USG60(LAN)---PC; default settings with UTM license activated, firewall is enabled.

    4. ISP---(WAN)USG60(LAN)---PC; default settings with UTM license activated, firewall is enabled. Create a profile on CF/IDP/App Patrol. Profiles are not applied to any firewall rule.

     

    In your test, if UTM rules are not applied to firewall rules but the throughput is still low, please share your configuration file with us to check.

  • ezekiel74
    ezekiel74 Posts: 11  Freshman Member
    Friend Collector First Comment
    Hi @Zyxel_Emily ,

    Thanks a lot for your explanation, I'll perform other tests and in case I'll send you my configuration.

    Best Regards
    eze

Security Highlight