SG-1100 SpeedTest Capped ~300 Mbps

  • Hello,

    Newbie question.... I'm not seeing the throughput I expected from my new SG-1100 and am wondering if I need to exchange it for the more powerful (and expensive) SG-3100.

    My connection to the internet is via an Xfinity cable modem promising 600/15 (measured at 716/17). With my new SG-1100 in the network path I only get 331/18. From the following specs on NetGate's site I thought I would get at least 600 Mbps on a SpeedTest since that should be closer to IPERF3 than IMIX and my firewall/NAT only have default rules..

    L3 Forwarding: 880 Mbps
    Firewall: 656 Mbps
    (10k ACLs)
    IPsec VPN: 74.2 Mbps
    (AES-128-CBC + SHA1)

    L3 Forwarding: 480 Mbps
    Firewall: 190 Mbps
    (10k ACLs)
    IPsec VPN: 46 Mbps
    (AES-128-CBC + SHA1)

    My setup is a very simple 'out of the box' config on 2.4.5-RELEASE-p1 (arm64):

    LAN: Macbook Pro connected directly LAN port on SG-1100 with NAT & firewall enabled but only using default rules

    WAN: Connected to LAN port on Google Wifi through a dumb switch

    The Google Wifi is also configured with NAT and it's WAN port is connected to my cable modem (an ARRIS SB 8200). This means I'm double NATed. Here's are the interfaces on my SG-1100:


    Here's the speed test results going through the SG-1100:

    Here's what I see if I connect my Macbook directly to the Google Wifi (removing the SG-1100 from the path but not making any other changes):
    Am I doing something wrong in the way I setup my SG-1100 or do I just need more powerful hardware? Will the SG-3100 be enough to support near Gbps downloads? I got the SG-1100 so I could connect to two ISPs (dual WAN, Xfinity Cable and MonkeyBrains line of sight wireless). I will never use the VPN or complicated firewall rules so I was hoping the SG-1100 would be enough... Happy to upgrade if that's the right answer.

    Thanks in advance for your help :-)


  • Netgate Administrator

    The SG-1100 can usually pass 450-500Mbps so there may be some optimising to do there. It won't pass 716Mbps though.
    The SG-3100 can pass traffic at or very close to Gigabit line rate (941Mbps) so should be fine there.

    There are always variables here, precise numbers are hard to give.


Log in to reply