PfSense internet browsing speed is not fast enough
-
Hi:
I used to have pfSense 2.0.1, and I also tried the version 2.1. I was hoping to be faster than my linksys router, but I can't feel any faster than it. I could get pretty high through-put (> 2MB download speed with comcast ISP). But I cannot feel any faster while browsing the internet. Site like microsoft.com, yahoo.com and ea.com takes about 5 seconds for the whole page to load. I was hoping these large sites to be under 2.5 seconds to load. I am able to achieve that in corporate network.
Is this something to do with my pfsense? or is it my hardware not powerful (but my cpu is always <1%)? or is it just my ISP plan not fast enough?
Is there any setting I could tweak?My hardware and system activities:
CPU: Intel C2D 2.0 Ghz (<1% used)
RAM: 1GB (<15% used)
NIC: Intel 1000/S x2
100Mbps wired ethernet, cat5e cablesISP:
Comcast 25Mbps -
Who told you it would speed your internet connection up? ….. Tehehe
The creation of Pfsense was the simple idea that if you have a bigger engine under the hood you can perform more task and apply complex custom filtering rules. If your pfsense firewall is running slower than your off the shelf router, there is obviously something wrong with your software configuration or an odd hardware configuration.
As for a default install, you should NOT see any difference in browsing speed at all.
Depending on what packages you run, it may slow web browsing down somewhat ( Snort for example with all rules applied )...... but for the insignificant browsing slow down you have heighten security!
-
Unless your Linksys router was particularly old or underpowered I would not expect any increase in speed. This is especially true of complex websites where often connection speed is not the limiting factor. They are usually served from multiple locations and you are restricted by the latency of these. Comcast will likely be adding latency by doing some filtering/caching.
How is your pfSense box connected? If you have your modem in bridge mode and pfSense connecting via pppoe you may be able to optimise your connection via mtu etc. I've not needed to do that though.Steve
-
Unless your Linksys router was particularly old or underpowered I would not expect any increase in speed.
This. With the potential exception of an old Linksys and a fast connection, and the definite exception of scenarios where you're opening large numbers of simultaneous connections, like a bittorrent client set to open as much as it possibly can.
Comcast is cable so should have a 1500 MTU end to end, no need for MSS clamping. That'd most always exhibit itself differently than slow page loads too, more likely to be some pages completely failing to load.
That box is capable of pushing over 1 Gbps, it's not a question of hardware on the firewall at least. That box is significantly faster than any Linksys, but your Internet connection isn't fast enough that it matters. The latency through that box will be a good deal lower than the Linksys, but we're talking tiny fractions of a ms, not enough of a difference to be perceptible. Hardware or problems at the client are more likely the cause, there's vastly more involved client-side in rendering today's websites than there is for the firewall pushing packets.
Try to narrow it down with further measurement - different client systems, different web browsers, etc. May just be a fact of life on your Internet connection. Business class connections are generally better quality and better connected, you may not be able to achieve the same level of service on a residential connection. There's a reason business connections cost as much as 5-10+ times as much.
