PFsense Not Showing Speeds Paid For
-
Pfsense 2.1.5 Mini ITX
or maybe
Dell pfsense Firewall Router 4-Port 3.00GHz Dual Core 4gb RAM 2x 250GB HDD
-
FW-7551
Or equivalent hardware tested to be pfsense compatible.
If you go your own way you might end up spending time that is worth more than the cost of FW-7551.
Its a gamble to do your own thing.
I like the FW-7551, the ITX is one the did sell in the store
-
Up to you.
To me it sounds like you want a tested, supported out of the box solution.
Maybe buy directly from the pfsense store.
Me myself, I build but I spend alot of time checking before building.I do like the FW-7551
-
I enjoyed building my boxes so ill have to poke around, just not sure what specs I need to hit the speeds I am paying for.
-
If you enjoy building, and are willing to pay abit, an 8 core atom board is a way to go.
They are pretty sweet and are sure to be supported on pfsense 2.2 and forward.
Look into the supermicro boardsI could easily hit your bandwidth with my oldest 2 core athlon build at 2.4 GHZ which is still running.
Actually, I'm using that tonight. Still its a money matter. If you have abit of money I'd go with the 8 core atom I suggested. -
I have a hard time believing these x-e boxes wont push that traffic… Of coarse Im running one with a 2.26ghz proc with 533fsb and 2GB RAM. So maybe thats whats helping mine?!?
Im hoping stephenw10 will comment some more as he has more experience pushing these boxes to their limits than probably anyone else here...
ghostshell- you are using the 32bit version correct? Have you tried a 2.2RC snapshot?
-
Just to be clear we are talking about the X5500e, the peak model, here. It has all 8 ports and the 2GHz Pentium-M as standard. It should have no problems at with 150Mbps. Neither would the X1250e. The fact that both are exhibiting the same throttling indicates some underlying issue.
Did both boxes show the same level of throttling?
Did you try both msk and sk interfaces? Did the speed change?Was your upgrade to 150/100 accompanied by a change of modem/router?
Steve
-
I understand what you are saying Steve, but to explain my perspective"
In the past I made so much money per hour that sitting for even 2 hours messing around with something trying to make it work would be less cost effective than just buying a new pfsense box sold by ESF and fully supported by them officially. But yeah - If it were me today, having some time on my hands and being inclined to tinker, I'd try to fix whatever problem is being had with current hardware. For lots of people tossing the old one here and buying new would be the best move and it would be future-proof.
-
I completely agree. The amount of time I've spent playing about with the fireboxes I have here is way, way beyond any economic value they might have. Saving time/money is not really what motivates me there. ;)
However I was just pointing out that this is not a simple case of 'not enough processing power'. Buying a new, much more powerful box might not necessarily solve the problem if it's caused by something underlying like a badly negotiating modem or a pfSense config that's limiting to ~100Mbps that has only now shown up.
Steve
-
Yeah - True. But since we are talking about two seperate boxes I'd have to assume its not the configuration unless the same config is being restored to both boxes. Could be hardware in front of pfsense or behind pfsense. Perhaps the NICs are not negotiating full speed connections?
BTW - Those firebox machines are just insanely expensive!
-
Ghostshell-
1. What kind of internet connection is this?
2. Model of modem?
3. Does your pfSense box get a public or private space IP address?
4. Does the gui show that the port is negotiating at full duplex?
-
BTW - Those firebox machines are just insanely expensive!
New they were but now they're cheap. The X-peak-e still command high prices but the Core boxes are <£50 here.
I had assumed the config was being restored or even just the CF card transfered, that's a good point. Is that what happened Ghostshell?
Steve
-
BTW - Those firebox machines are just insanely expensive!
New they were but now they're cheap. The X-peak-e still command high prices but the Core boxes are <£50 here.
I had assumed the config was being restored or even just the CF card transfered, that's a good point. Is that what happened Ghostshell?
Steve
x1250e using a 2.5 SSD drive with a fresh install, no restore, x5500e 2.5 HDD same config I have been running for a while. I will post specs shortly.
-
I have a hard time believing these x-e boxes wont push that traffic… Of coarse Im running one with a 2.26ghz proc with 533fsb and 2GB RAM. So maybe thats whats helping mine?!?
Im hoping stephenw10 will comment some more as he has more experience pushing these boxes to their limits than probably anyone else here...
ghostshell- you are using the 32bit version correct? Have you tried a 2.2RC snapshot?
I am running 2.1.5 and have not tried 2.2RC
-
Just to be clear we are talking about the X5500e, the peak model, here. It has all 8 ports and the 2GHz Pentium-M as standard. It should have no problems at with 150Mbps. Neither would the X1250e. The fact that both are exhibiting the same throttling indicates some underlying issue.
Did both boxes show the same level of throttling?
Did you try both msk and sk interfaces? Did the speed change?Was your upgrade to 150/100 accompanied by a change of modem/router?
Steve
Per ISP Support my Modem DOCIS 3 will support the new speeds, unless they are lying to me? Since I switched to a biz cust I did get a new modem when I switched and it was swapped out a couple time. Both boxes when directly connected to a port on the FW show 117/98. I had port 8 open and used that to direct connect, I will try when I can one of the 1-4 port using sk and not the msk port which is what I having been using to test.
Could it just be the site I am using to test(speedtest.net)? Anyone got a better option?
-
Yes DOCIS 3will handle your throughput and sounds lik your are doing everything right.
Perhaps its just a matter of units not be being displayed correctly? Or bandwidth not displaying correctly?
If you test with a laptop directly connected to the modem and the same laptop then connected to pfsense lan and the speeds are always different, there is definitely a problem.
-
INFO
1. What kind of internet connection is this? - BROADBAND
2. Model of modem? - MOTO SB6182 ( seperate AP's and of course PFSense FW, modem is only a modem)
3. Does your pfSense box get a public or private space IP address? - I have a static IP assigned to me due to being a biz cust
4. Does the gui show that the port is negotiating at full duplex? - WAN 1000baseT <full-duplex>/ LAN 1000baseT <full- (does="" not="" show="" <full-duplex="">)</full-></full-duplex>
-
Yes DOCIS 3will handle your throughput and sounds lik your are doing everything right.
Perhaps its just a matter of units not be being displayed correctly? Or bandwidth not displaying correctly?
If you test with a laptop directly connected to the modem and the same laptop then connected to pfsense lan and the speeds are always different, there is definitely a problem.
Thats what I thought.
Laptop to modem = 145-148/98
Laptop to Port 8 (MSK) wired = 117/98Up is close enough, down is my concern
-
SPECS: I upgraded mem and CPU in each
CPU Type Intel(R) Pentium(R) M processor 2.13GHz
Version - 2.1.5-RELEASE (i386)
FreeBSD 8.3-RELEASE-p16Memory 2GB
Load average ( at time of check) - { 0.00 0.00 0.00 }
CPU Usage ( at time of check ) - 12.6%
-
What is the model of your modem? Its not a gateway device is it? (Get a modem without a router)
Does your router get a public or private IP? (Gateway device will give you a private address unless you talk the ISP into bridgemode which most gateway modems dont really do.)
Who is your ISP? (cough cough Comcast cough) makes you use a gateway device on commercial accounts only if you need the static IP. If you don't have a static IP then they will let you use your own modem. We wont know unless you tell us.
Sites such as speedtest.net are notorious (at least in the past) for being highly inaccurate.
The best way to test is to download all kinds of stuff across your network (several computers) including the SP3 update for Windows XP (IT version so you get the whole 345+ MB file) and watch the GUI graphs on the dashboard.
Last question- Your computer is the only computer pulling data through the firewall during your speed tests…. right? Antivirus programs are notorious for requesting their updates as soon as they connect to a network.
