PFsense Not Showing Speeds Paid For



  • I am paying for speeds from my ISP for 150/100. If I plug my laptop in directly to the modem I am getting 145ish down and a tad over 100 up. Support said it's the hardware. I love my PFSense box and don't want to give it up. I need help determining why my box is slowing down my speeds or what setting/config could be causing the slowness.


  • Netgate Administrator

    So what speeds are you seeing? What hardware are you running?

    Steve



  • 116-117/103 - Direct into the x5500e PFSense

    Watchguard x5500e

    HDD Mod

    Full install 2.1.5

    No limiters or QOS, the above speeds are when I am directly connected to the firewall. Directly into the modem I hit around 145 down. Up is fine for the moment, down is what I need to figure out. I do not want to give up PFSense.


  • LAYER 8 Netgate

    Curious.  What do you get running the watchguard code?



  • Keep in mind that the x550-e x750-e and x1250-e ports (0-3) are limited in speed by the fact that they are on a pci bus.

    The x750-e and x1250-e came with the option for 4 additional ports (4 - 7) that are on a pci-e bus. If you can snag one of these you would be able to achieve your speeds.

    The three platforms are identical so the optional board out of the latter two will fit the x550-e if you should find one…



  • @ghostshell:

    I am paying for speeds from my ISP for 150/100. If I plug my laptop in directly to the modem I am getting way under 150(116-117) down and a tad over 100 up.

    Maybe I'm missing something.  If you plug directly into the modem for a speed test, how is pfSense involved at all?



  • Same question here…



  • Read the bottom of his second post here.

    https://forum.pfsense.org/index.php?topic=85474.msg468957#msg468957

    I believe he re-wrote his initial post and left out pertinent information.



  • @chpalmer:

    Keep in mind that the x550-e x750-e and x1250-e ports (0-3) are limited in speed by the fact that they are on a pci bus.

    The x750-e and x1250-e came with the option for 4 additional ports (4 - 7) that are on a pci-e bus. If you can snag one of these you would be able to achieve your speeds.

    The three platforms are identical so the optional board out of the latter two will fit the x550-e if you should find one…

    As posted in response to steph I am using an x5500e, also have a x1250e available.



  • @ghostshell:

    What did I leave out?

    Well now ya fixed it!  :o

    Try using the 1250 and use the latter 4 ports.  You will want to make sure you add

    Insert the following line into the file /boot/loader.conf.local. You will have to create that file if you've not already done so.

    ```
    hw.msk.msi_disable=1
    ```

    You can create the file and insert the code with the following commands:

    ```
    /etc/rc.conf_mount_rw
    echo 'hw.msk.msi_disable=1' >> /boot/loader.conf.local
    /etc/rc.conf_mount_ro
    ```

    from

    https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox



  • Here is a summary of the info

    Paying for 150/100

    Laptop to the modem directly = 145-147/98-101

    Laptop directly to the PFSense Watchguard x5500e = 116-117/98-101

    PFSense Version = 2.1.5

    Media = HDD

    No QOS or Limiters enabled



  • Tried x1250e and same speeds as the x5500e, both are using the same HDD



  • Theoretically you should be able to do a gigabit across the pci bus just fine.

    What kind of use is the CPU showing?

    I run 500+mbps across my subnets all the time on my x-e box.  I'm using all 8 ports at this time.



  • @chpalmer:

    Theoretically you should be able to do a gigabit across the pci bus just fine.

    What kind of use is the CPU showing?

    I run 500+mbps across my subnets all the time on my x-e box.  I'm using all 8 ports at this time.

    I'll check now that the x1250e is up



  • @chpalmer:

    Theoretically you should be able to do a gigabit across the pci bus just fine.

    What kind of use is the CPU showing?

    I run 500+mbps across my subnets all the time on my x-e box.  I'm using all 8 ports at this time.

    State table size: 0.09% (173/201000)
    MBUF Usage: 8.52% (2182/25600)
    Load average: { 0.05 0.02 0.00 }
    CPU usage: 12%
    Memory usage: 12.11%
    SWAP usage: 0% of 2048 MB



  • I apologize to all helping, I am working on hardware, while on the phone with support while trying to check the config. I'm sorry if I have been mistyping my info. If you ask I shall get whatever is needed to figure this out. I don't believe support saying it's my hardware, but could be. I love my PFSense so if I need to get better hardware I'm open to suggestions. Have not had any issues with the Watchguard x1250e or x5500e until this bandwidth upgrade.



  • Yeah - I'd say get new hardware if you are committed to running pfsense. 
    Get some hardware that is current, common, tested and supported.



  • Suggestions?

    What about these?

    https://www.pfsense.org/hardware/#pfsense-store



  • FW-7551

    Or equivalent hardware tested to be pfsense compatible.

    If you go your own way you might end up spending time that is worth more than the cost of FW-7551.

    It's a gamble to do your own thing.



  • Pfsense 2.1.5 Mini ITX

    or maybe

    Dell pfsense Firewall Router 4-Port 3.00GHz Dual Core 4gb RAM 2x 250GB HDD



  • @kejianshi:

    FW-7551

    Or equivalent hardware tested to be pfsense compatible.

    If you go your own way you might end up spending time that is worth more than the cost of FW-7551.

    It's a gamble to do your own thing.

    I like the FW-7551, the ITX is one they did sell in the store



  • Up to you.
    To me it sounds like you want a tested, supported out of the box solution. 
    Maybe buy directly from the pfsense store.
    Me myself, I build but I spend a lot of time checking before building.

    I do like the FW-7551



  • I enjoyed building my boxes so I'll have to poke around, just not sure what specs I need to hit the speeds I am paying for.



  • If you enjoy building, and are willing to pay a bit, an 8 core atom board is a way to go.
    They are pretty sweet and are sure to be supported on pfsense 2.2 and forward.
    Look into the supermicro boards

    I could easily hit your bandwidth with my oldest 2 core athlon build at 2.4 GHZ which is still running.
    Actually, I'm using that tonight.  Still it's a money matter.  If you have a bit of money I'd go with the 8 core atom I suggested.



  • I have a hard time believing these x-e boxes won't push that traffic…  Of course I'm running one with a 2.26ghz proc with 533fsb and 2GB RAM. So maybe that's what's helping mine?!?

    I'm hoping stephenw10 will comment some more as he has more experience pushing these boxes to their limits than probably anyone else here...

    ghostshell- you are using the 32bit version, correct?    Have you tried a 2.2RC snapshot?


  • Netgate Administrator

    Just to be clear we are talking about the X5500e, the peak model, here. It has all 8 ports and the 2GHz Pentium-M as standard. It should have no problems with 150Mbps. Neither would the X1250e. The fact that both are exhibiting the same throttling indicates some underlying issue.
    Did both boxes show the same level of throttling?
    Did you try both msk and sk interfaces? Did the speed change?

    Was your upgrade to 150/100 accompanied by a change of modem/router?

    Steve



  • I understand what you are saying Steve, but to explain my perspective:

    In the past I made so much money per hour that sitting for even 2 hours messing around with something trying to make it work would be less cost effective than just buying a new pfsense box sold by ESF and fully supported by them officially.  But yeah - If it were me today, having some time on my hands and being inclined to tinker, I'd try to fix whatever problem is being had with current hardware.  For lots of people tossing the old one here and buying new would be the best move and it would be future-proof.


  • Netgate Administrator

    I completely agree. The amount of time I've spent playing about with the fireboxes I have here is way, way beyond any economic value they might have. Saving time/money is not really what motivates me there.  ;)

    However I was just pointing out that this is not a simple case of 'not enough processing power'. Buying a new, much more powerful box might not necessarily solve the problem if it's caused by something underlying like a badly negotiating modem or a pfSense config that's limiting to ~100Mbps that has only now shown up.

    Steve



  • Yeah -  True.  But since we are talking about two separate boxes I'd have to assume it's not the configuration unless the same config is being restored to both boxes.  Could be hardware in front of pfsense or behind pfsense.  Perhaps the NICs are not negotiating full speed connections?

    BTW - Those firebox machines are just insanely expensive!



  • Ghostshell-

    1. What kind of internet connection is this?

    2. Model of modem?

    3. Does your pfSense box get a public or private space IP address?

    4. Does the gui show that the port is negotiating at full duplex?


  • Netgate Administrator

    @kejianshi:

    BTW - Those firebox machines are just insanely expensive!

    New they were but now they're cheap. The X-peak-e still command high prices but the Core boxes are <£50 here.

    I had assumed the config was being restored or even just the CF card transferred, that's a good point. Is that what happened Ghostshell?

    Steve



  • @stephenw10:

    @kejianshi:

    BTW - Those firebox machines are just insanely expensive!

    New they were but now they're cheap. The X-peak-e still command high prices but the Core boxes are <£50 here.

    I had assumed the config was being restored or even just the CF card transferred, that's a good point. Is that what happened Ghostshell?

    Steve

    x1250e using a 2.5 SSD drive with a fresh install, no restore, x5500e 2.5 HDD same config I have been running for a while. I will post specs shortly.



  • @chpalmer:

    I have a hard time believing these x-e boxes won't push that traffic…  Of course I'm running one with a 2.26ghz proc with 533fsb and 2GB RAM. So maybe that's what's helping mine?!?

    I'm hoping stephenw10 will comment some more as he has more experience pushing these boxes to their limits than probably anyone else here...

    ghostshell- you are using the 32bit version, correct?    Have you tried a 2.2RC snapshot?

    I am running 2.1.5 and have not tried 2.2RC



  • @stephenw10:

    Just to be clear we are talking about the X5500e, the peak model, here. It has all 8 ports and the 2GHz Pentium-M as standard. It should have no problems with 150Mbps. Neither would the X1250e. The fact that both are exhibiting the same throttling indicates some underlying issue.
    Did both boxes show the same level of throttling?
    Did you try both msk and sk interfaces? Did the speed change?

    Was your upgrade to 150/100 accompanied by a change of modem/router?

    Steve

    Per ISP Support my Modem DOCSIS 3 will support the new speeds, unless they are lying to me? Since I switched to a biz cust I did get a new modem when I switched and it was swapped out a couple times. Both boxes when directly connected to a port on the FW show 117/98. I had port 8 open and used that to direct connect, I will try when I can one of the 1-4 ports using sk and not the msk port which is what I have been using to test.

    Could it just be the site I am using to test(speedtest.net)? Anyone got a better option?



  • Yes DOCSIS 3 will handle your throughput and it sounds like you are doing everything right.

    Perhaps it's just a matter of units not being displayed correctly?  Or bandwidth not displaying correctly?

    If you test with a laptop directly connected to the modem and the same laptop then connected to pfsense lan and the speeds are always different, there is definitely a problem.



  • @chpalmer:

    INFO

    1. What kind of internet connection is this? - BROADBAND

    2. Model of modem? - MOTO SB6182 (separate APs and of course PFSense FW, modem is only a modem)

    3. Does your pfSense box get a public or private space IP address? - I have a static IP assigned to me due to being a biz cust

    4. Does the gui show that the port is negotiating at full duplex? - WAN 1000baseT <full-duplex> / LAN 1000baseT <full- (does not show <full-duplex>)
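
The negotiated speed and duplex asked about in question 4 can also be read from `ifconfig` on the firewall's shell. As an added example (not part of the original posts), this POSIX shell function parses FreeBSD-style `ifconfig` output and flags any interface that did not negotiate the expected speed at full duplex; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report negotiated media per interface from FreeBSD `ifconfig` text.
# link_report reads ifconfig output on stdin and prints one line per interface
# that has a media line:  <ifname> <media> <duplex> <OK|CHECK>
# OK means: negotiated speed >= expected speed AND full duplex was reported.
link_report() {
    want="${1:-1000}"   # expected speed in Mbit/s (assumption: gigabit ports)
    awk -v want="$want" '
        # Interface header, e.g. "msk0: flags=8843<UP,...> metric 0 mtu 1500"
        $1 ~ /:$/ && $2 ~ /^flags=/ { ifname = $1; sub(/:$/, "", ifname); next }
        $1 == "media:" {
            # With autoselect the negotiated value is inside the parentheses.
            o = index($0, "("); c = index($0, ")")
            if (o && c > o) {
                neg = substr($0, o + 1, c - o - 1)
            } else {
                # Fixed media, e.g. "media: Ethernet 100baseTX <full-duplex>"
                neg = $0; sub(/^.*media: (Ethernet )?/, "", neg)
            }
            split(neg, parts, " ")
            speed = parts[1] + 0          # "1000baseT" -> 1000, "none" -> 0
            duplex = "unknown"
            if (neg ~ /full-duplex/) duplex = "full"
            else if (neg ~ /half-duplex/) duplex = "half"
            status = (speed >= want && duplex == "full") ? "OK" : "CHECK"
            printf "%s %s %s %s\n", ifname, parts[1], duplex, status
        }'
}

# Constructed sample output (not captured from the poster's firewall).
sample_ifconfig() {
    cat <<'EOF'
msk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:90:7f:00:00:01
        media: Ethernet autoselect (1000baseT <full-duplex,flowcontrol,rxpause,txpause>)
        status: active
sk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        media: Ethernet autoselect (1000baseT)
        status: active
sk1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        media: Ethernet autoselect (100baseTX <half-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
EOF
}

# On a live system: ifconfig | link_report 1000
sample_ifconfig | link_report 1000
```

An interface marked CHECK is worth re-testing with a different cable or port before replacing the hardware.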



  • @kejianshi:

    Yes DOCSIS 3 will handle your throughput and it sounds like you are doing everything right.

    Perhaps it's just a matter of units not being displayed correctly?  Or bandwidth not displaying correctly?

    If you test with a laptop directly connected to the modem and the same laptop then connected to pfsense lan and the speeds are always different, there is definitely a problem.

    That's what I thought.

    Laptop to modem = 145-148/98
    Laptop to Port 8 (MSK) wired = 117/98

    Up is close enough, down is my concern



  • SPECS: I upgraded mem and CPU in each

    CPU Type Intel(R) Pentium(R) M processor 2.13GHz

    Version - 2.1.5-RELEASE (i386)
    FreeBSD 8.3-RELEASE-p16

    Memory 2GB

    Load average ( at time of check) - { 0.00 0.00 0.00 }

    CPU Usage ( at time of check ) - 12.6%



  • What is the model of your modem?    It's not a gateway device is it?    (Get a modem without a router)

    Does your router get a public or private IP?  (Gateway device will give you a private address unless you talk the ISP into bridgemode which most gateway modems don't really do.)

    Who is your ISP?    (cough cough Comcast cough) makes you use a gateway device on commercial accounts only if you need the static IP. If you don't have a static IP then they will let you use your own modem.  We won't know unless you tell us.

    Sites such as speedtest.net are notorious (at least in the past) for being highly inaccurate.

    The best way to test is to download all kinds of stuff across your network  (several computers) including the SP3 update for Windows XP (IT version so you get the whole 345+ MB file) and watch the GUI graphs on the dashboard.

    Last question-  Your computer is the only computer pulling data through the firewall during your speed tests….  right?    Antivirus programs are notorious for requesting their updates as soon as they connect to a network.



  • @chpalmer:

    What is the model of your modem?    It's not a gateway device is it?    (Get a modem without a router)

    Does your router get a public or private IP?  (Gateway device will give you a private address unless you talk the ISP into bridgemode which most gateway modems don't really do.)

    Who is your ISP?    (cough cough Comcast cough) makes you use a gateway device on commercial accounts only if you need the static IP. If you don't have a static IP then they will let you use your own modem.  We won't know unless you tell us.

    Sites such as speedtest.net are notorious (at least in the past) for being highly inaccurate.

    The best way to test is to download all kinds of stuff across your network  (several computers) including the SP3 update for Windows XP (IT version so you get the whole 345+ MB file) and watch the GUI graphs on the dashboard.

    Last question-  Your computer is the only computer pulling data through the firewall during your speed tests….  right?    Antivirus programs are notorious for requesting their updates as soon as they connect to a network.

    See reply #35 above for most of the info you asked for. ISP is COX. Yes, during test all services and devices are shutdown and only the laptop connected to port 8 (MSK) is active.

