SG-2220: horribly slow upload speed
-
I have just upgraded to fiber, symmetric 1 Gbit down/up. The provider (Swisscom) delivers an integrated modem/router, which however has only rudimentary firewall/routing capacity. If I connect my LAN directly to the Swisscom modem, I get actual speeds of 700-800 Mbit/s both upload and download.
I have then connected the modem to the WAN port of my pfSense SG-2220 unit, and set the model to "DMZ mode", which means that all ports are passed to the pfSense without NAT. Now I get 550-600 MBit/s download (which is OK), but only a meager 8-9 Mbit/s upload (which is totally unacceptable). Might somebody give me a hint as to what might be going wrong here? Thanks in advance!
-
I would look first for a duplex mismatch on the ethernet - such as the upstream device being half-duplex and the WAN interface being full-duplex.
-
Thanks. However the pfSense interface is set to "autoselect", and the modem interface does not seem to have any user-modifiable option. The pfSense dashboard says "1000baseT <full-duplex>", hence I assume that the result of the negotiation is correct.</full-duplex>
-
Then I would pcap and see what that shows. The 2220 is obviously capable of more than that.
-
I have just upgraded to fiber, symmetric 1 Gbit down/up. The provider (Swisscom) delivers an integrated modem/router, which however has only rudimentary firewall/routing capacity. If I connect my LAN directly to the Swisscom modem, I get actual speeds of 700-800 Mbit/s both upload and download.
I have then connected the modem to the WAN port of my pfSense SG-2220 unit, and set the model to "DMZ mode", which means that all ports are passed to the pfSense without NAT. Now I get 550-600 MBit/s download (which is OK), but only a meager 8-9 Mbit/s upload (which is totally unacceptable). Might somebody give me a hint as to what might be going wrong here? Thanks in advance!
did you use a traffic shaper and forget to revoke the limiters, or bandwidth limits?
-
There appear to be no limiters active. However, I suspect that something else in the config may be wrong. In the meantime, I have confirmed 100% that the SG is the bottleneck, as the upload limit is in place even if I attach a laptop directly to the LAN port (no switches or any other equipment in-between).
Can you tell me what is the fastest way to factory-reset the SG? Do I really have to reload an image from a USB-stick, or is there a more convenient thing to do? I guess that this is the next step to figure out whether something is bad in the config.
-
Take a backup then Diagnostics > Factory Defaults
-
Thank you. I did as you advised. The good news is that, with a bare-bones config without any rules, I get 800 Mbit/s down and 600-650 Mbit/s up! Hence there is something in the config that is badly messed up. I am currently restoring the config piece-by-piece, always measuring the throughput after each step. Will report.
The bad news is that I was horrified to discover that I have found no way to restore the certificate stores. Is that a fact, or am I overseeing something? Reentering all the certificates is only slightly more pleasurable than being waterboarded!
-
See if they go in with the System area.
If you get to finding what the issue actually was, you can just restore the whole thing and undo that piece.
-
This feels like a smack traffic shaper issue, maybe obliterate that and only that see what happens?
