USG 60W slow

Tibasoft
Tibasoft Posts: 9  Freshman Member
edited April 2021 in Security
Hello, I replaced the router of the Gigabit operator Vodafone (for a test) with a USG 20, connecting it directly to the Huawei ONT, with a good result.
The speed was obviously limited by the USG 20's firewall throughput, but I managed to get up to 450 Mbps with the firewall enabled.
Then I tried to replace it with a USG 60W (whose manual indicates 1000 Mbps firewall throughput), keeping only the firewall activated and excluding all services such as antivirus, mail scan, content filter, IDP etc. from the main interface in Easy mode.
The configuration is the same as on the USG 20.
Unfortunately I have found that not only do I not reach 1000 Mbps, but the speed is definitely lower than with the USG 20 and stands at around 300 Mbps (the old router shows 950 Mbps).
The firmware I used is the latest (4.39), but I also tried 4.20.
Any suggestions?

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,377  Zyxel Employee

    Hi @Tibasoft 

    In the datasheet, performance is tested per RFC 2544 (1518 bytes with UDP sessions). If you test it under the same conditions, you will be able to achieve it.

    UTM services and the traffic statistics function will affect performance. You may try disabling them and testing again.

    Also, if you download data with multiple sessions, the total performance will be higher than with a single session.

  • Tibasoft
    Tibasoft Posts: 9  Freshman Member
    Thanks for the reply. I chose the USG 60W because in another location I have the same connectivity and I use a USG60 (not W), and it works very well.
    I wrote in the previous post that I disabled all services, with the sole exclusion of the firewall, from the menu in EASY MODE.
    Moreover, I also checked within the UTM profile that there were no enabled controls. I also disabled the session limit in the security control menu.
    I only did some tests, and I only have one computer connected via Ethernet. Is there another way to disable all UTM functions without giving up the firewall?
    I will forgo the features even if I have a couple of years of subscription, but I cannot give up the speed.

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,377  Zyxel Employee

    Hi @Tibasoft

    We are about to release version 4.60 patch 1 at E/DEC. There is a function named Fast Forwarding.

    After enabling this function, sessions will bypass the UTM/BWM etc. control functions.

    Then performance may be higher than before.

    (Configuration > System > Advanced > Fast Forwarding)


  • Tibasoft
    Tibasoft Posts: 9  Freshman Member
    edited December 2020
    Hi Stanley, and thanks again for the answer.
    I wonder if it is possible to try this firmware? (I only managed to find 4.39 and not 4.60.)
    From the "Myzyxel" portal I don't even have the choice of 4.60. Where can I find it?
    I did not think that performance would be reduced to 1/3 speed for this model.
    I have the option to return the 4 USG 60W UTM BUNDLE units recently purchased to the seller.
    For various reasons, I would hate to replace a brand I have been associated with for some time and not standardize my firewall fleet.
    Is it possible to try this firmware (4.60p1) first?

    Thanks again.
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,377  Zyxel Employee

    Hi @iSpeed

    4.60 had a vulnerability issue, so it has been removed from the website.

    We have fixed it in 4.60WK48. You may download the firmware from this thread.

  • Tibasoft
    Tibasoft Posts: 9  Freshman Member
    edited December 2020
    Hi @Zyxel_Stanley

    I have updated to version 4.60 patch 1 and enabled fast forwarding; the speed has actually increased by about 200 Mbps, from about 400/450 to 600/650.
    But that is still a long way from the actual 950 Mbps with the previous router.
    It does not seem normal to me that there is such a large loss for a firewall with a declared firewall throughput of about 1000 Mbps.
    I understand a normal loss of 10%, but 30/40% seems high to me.
    Is there still something to disable (firewall apart)?
  • PeterUK
    PeterUK Posts: 3,389  Guru Member
    The 1000 Mbps of throughput on the firewall is tested with UDP, not TCP.
  • Tibasoft
    Tibasoft Posts: 9  Freshman Member
    Yes Peter, sure.
    But I have another USG60 (not W and not UTM) which doesn't have this problem,
    and it works at about 850 Mbps
    with more complex configurations.
    M.
  • Tibasoft
    Tibasoft Posts: 9  Freshman Member
    Finally I solved it: I replaced the default .conf file of the firewall with the .conf file contained in the zip of firmware 4.60 p1, even though from version 4.36 it was not necessary to replace it when updating to 4.60.
    I have put aside the .conf file contained by default in the firewall, which I will compare in the future.
    Probably the UTM version contains something different ... I think ...
    I have also enabled the new "fast forwarding" feature.
  • itxnc
    itxnc Posts: 98  Ally Member
    Must be the fast forwarding or something changed by 4.38. Ran a diff between 4.60 and 4.38 (couldn't find 4.36 to download) and the only changes were to some default WLAN parameters, removal of DES cipher/TLS1, changes to the default Content Filter profiles (which are disabled by default anyway), and some setup for load-balancing.

    So - trying to figure out the rationale behind Fast Forwarding - why would you want to disable almost every feature the USG has? I mean, it might be cool on a per-device basis in a niche, but trying to wrap my head around the concept...
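
An added example, not part of the thread or of Zyxel's material: the line-rate arithmetic behind the RFC 2544 figure (1518 bytes, UDP) cited in the replies above, next to the best-case TCP payload rate a speed test can show on gigabit Ethernet. It assumes untagged Ethernet, IPv4, MTU 1500 and no PPPoE; the measured values are the ones quoted in the thread.

```python
"""Line-rate arithmetic behind an RFC 2544 datasheet figure on gigabit Ethernet."""

LINK_BPS = 1_000_000_000      # gigabit Ethernet
WIRE_OVERHEAD = 8 + 12        # preamble/SFD + inter-frame gap, bytes per frame
ETH_HEADER_FCS = 14 + 4       # Ethernet header + FCS (assumption: no VLAN tag)
RFC2544_SIZES = (64, 128, 256, 512, 1024, 1280, 1518)


def max_frame_rate(frame_bytes, link_bps=LINK_BPS):
    """Theoretical maximum frames per second for a given Ethernet frame size."""
    return link_bps / ((frame_bytes + WIRE_OVERHEAD) * 8)


def udp_payload_mbps(frame_bytes, link_bps=LINK_BPS):
    """UDP payload rate at line rate (IPv4 header 20 bytes, UDP header 8 bytes)."""
    payload = frame_bytes - ETH_HEADER_FCS - 20 - 8
    return max_frame_rate(frame_bytes, link_bps) * payload * 8 / 1e6


def tcp_goodput_ceiling_mbps(mtu=1500, tcp_option_bytes=0, link_bps=LINK_BPS):
    """Best-case one-way TCP payload rate; pass 12 option bytes for timestamps."""
    frame = mtu + ETH_HEADER_FCS
    payload = mtu - 20 - 20 - tcp_option_bytes
    return max_frame_rate(frame, link_bps) * payload * 8 / 1e6


def share_of_ceiling(measured_mbps, ceiling_mbps):
    """Measured speed-test result as a percentage of the TCP ceiling."""
    return round(100 * measured_mbps / ceiling_mbps, 1)


if __name__ == "__main__":
    for size in RFC2544_SIZES:
        print(f"{size:>5} B  {max_frame_rate(size):>12,.0f} fps  "
              f"{udp_payload_mbps(size):7.1f} Mbps UDP payload")
    ceiling = tcp_goodput_ceiling_mbps()
    print(f"TCP ceiling at MTU 1500: {ceiling:.1f} Mbps")
    # Speeds quoted in the thread, in Mbps.
    for label, mbps in [("previous router", 950),
                        ("USG 60W, first post", 300),
                        ("USG 60W, 4.60 patch 1 + fast forwarding", 650)]:
        print(f"{label:<40} {mbps:>4} Mbps = {share_of_ceiling(mbps, ceiling)}%")
```

Under these assumptions the TCP ceiling is about 949 Mbps (about 941 Mbps with TCP timestamps), so the 950 Mbps reported for the previous router is already line rate. A single-session TCP download is therefore never directly comparable to a 1000 Mbps figure measured with 1518-byte UDP frames.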
