USG 40 throughput

fern Posts: 2  Freshman Member
First Comment
edited April 2021 in Security

I am running a small network with USG 40 (no wifi). I recently increased the ISP WAN speed from 100M/10M -> 250M/50M. However, I can get only 110 Mbps throughput with the USG. If I connect a laptop directly to the WAN (bypass the USG40), I get full 250M throughput.

I searched from the forums and discovered that people have had performance issues with smaller USG devices. I have disabled all UTM profiles, antivirus, antispam etc. BWM and ADP are also disabled. The only enabled security function is Policy Control with few rules.

Is this really normal behaviour that USG40 cannot provide better performance? Any suggestions for resolving the issue? Currently my plan is to actually change the firewall to another brand.

All Replies

  • Alfonso
    Alfonso Posts: 257  Master Member
    5 Answers First Comment Friend Collector Second Anniversary
    Hi @fern

    Welcome to the forum.

    110 Mbps throughput with USG40 looks poor performance.

    I would analyze the CPU usage during the tests.

    I hope other colleagues can help you better than me.

  • fern
    fern Posts: 2  Freshman Member
    First Comment

    Here is more information:
    Testing with parallel download of multiple iso images from different servers.
    All ports are 1000M full dublex (verified)

    before the test:
    USG CPU is 0-1 % and memory 40 %

    during the test
    USG CPU is 57 % and memory 40 %
    and throughput circa 100 Mbps

    stats also indicate zero collisions
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,408  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    edited December 2018

    Hi @fern,


    In our office, download/upload speed is 300/100 Mbps.

    Here is the test result using Speedtest (

    Firmware: 4.32(AALA.0)

    USG40 is running with the default configuration file.


    1. Laptop is connected to ISP directly.


    Download/Upload (Mbps):






    2. Laptop is connected to LAN of USG40.


    Download/Upload (Mbps):






    Here is another lab test using Speedtest for your reference.

    Ethernet Throughput (With Firewall Routing, NAT and ADP enabled))

    By 1 connection, with device Default Setting (Mbps)




    Can you share with us how you run the throughput?

    Do you also use Speedtest to run the test?

  • Rafi
    Rafi Posts: 2  Freshman Member
    First Comment Friend Collector

    Hello Together

    Face same issue with USG40 running on Firmware 4.35(AALA.3)

    ISP Down stream measured between 250-300 Mbps

    Downstream within LAN (Bridge of a VLAN and LAN1) after USG40 ~108 Mbps (CPU Load 98% at that time)

    Any hint why the specified SPI firewall throughput of ~400Mbps could not be reached by fare ?

    Is it possible that the bridge functionality is eating up that much resources?

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,341  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @Rafi

    Welcome to Zyxel community

    Is there any service (eg. Content Filter ,Anti-Virus) or any VPN connection running on USG40?

    Supposedly, if the CPU high will cause the low throughput.

    Can you type the command below when CPU goes high and check what service occupied the most CPU Usage?

    Router(config)#show cpu status

    Router(config)#show cpu average

  • Rafi
    Rafi Posts: 2  Freshman Member
    First Comment Friend Collector

    Hi @Zyxel_Jerry

    Many thanks for your feedback.

    I did check the usages and came to following result after 4min of permanent download with ~133Mbps:

    Router# show cpu status

    CPU utilization: 84 %

    CPU utilization for 1 min: 98 %

    CPU utilization for 5 min: 93 %

    Router# show cpu average

    CPU       Usage


    0         99 %

    CPU average: 99 %

    Network Traffic: 99 %

    CPU  MEM  TIME                      APPLICATION


    5.0  0.0  00:00:00                  zysh-cgi

    0.5  0.0  00:22:06                  System statistics

    0.3  0.3  00:00:01                  HTTP/HTTPS server

    0.3  0.3  00:00:01                  HTTP/HTTPS server

    0.3  0.0  00:00:04                  Linux Kernel process

    0.2  0.4  00:00:03                  HTTP/HTTPS server

    0.2  0.4  00:00:01                  HTTP/HTTPS server

    0.2  0.3  00:10:36                  ttyd

    0.2  0.2  00:00:00                  Zyxel Service

    during this period the web gui and webconsole was very slow what is obvious by the high CPU load.

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,341  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 50 Answers 1000 Comments

    Hi @Rafi

    Can you type the command below and private message your test result and configuration file for us?

    Router#debug system ps

    Router(config)#show cpu status

    Router(config)#show cpu average

  • johannCH
    johannCH Posts: 1  Freshman Member
    First Comment

    i have exactly the same issue like user fern:

    • USG40 with Firmware 4.35(AALA.3)
    • disabled all UTM profiles
    • disabled BWM, ADP
    • enabled Policy Control with 11 rules
    • ISP WAN Speed 300/50Mbps

    throughput directly connected to the cable modem is 315Mbps/52Mbps (download/upload).

    throughput connected to the USG40 is only 150Mbps/52Mbps.

    at downloading a 10gb file, the cpu usage goes up to 99%

    Router(config)# show cpu status

    CPU utilization: 99 %

    CPU utilization for 1 min: 99 %

    CPU utilization for 5 min: 99 %

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary


    As out test report,

    the throughput of USG40 with http service, download/upload: 328.3Mbps/218.2Mbps.

    For the issue of high CPU utilization,

    If there is huge traffic, the all kernels resource will be keep on it, therefore, the CPU usage will go up.

    Can you type the command below and private message your test result to me during issue occur?

    Router#debug system ps

    Router(config)#show cpu status

    Router(config)#show cpu average

  • Is there a fix for this issue? Do I need to run diagnostics before we are able to find out the issue?