Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Theo
Collaborator

Hosted Software Deployment behind Firewall- Download is limited to 2Mbps

Hi,

 

We have an on-premise Endpoint Software Management/Deployment system (ESM) in HQ, our external or roaming users once trying to download software from the ESM, we noticed that the download rate in the clients are only limited to 2Mbps.

We have 300Mbps internet bandwidth in HQ and we have dedicated line for this. We expect the download to be not as 2mbps only. Can please help what to check?

 

Gateway: 12000

Version R80.30

Screen Shot 2021-02-08 at 12.43.08 PM.png

0 Kudos
3 Replies
Timothy_Hall
Champion
Champion

Assuming that your network interfaces are running clean (netstat -ni), it is almost certainly a configuration issue with the 3 Threat Prevention blades you have enabled.  If you temporarily disable all three of the TP blades and reinstall policy, does performance improve?

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Theo
Collaborator

Hi Timothy,

Thanks for the reply, but I can't disable any of the TP blades since this is in production. Was there any exception we can set for download rate for the on-prem ESM if the client is on external network?

 

Regards

0 Kudos
Timothy_Hall
Champion
Champion

In that case, create what I call a null TP profile with all TP feature boxes unchecked as shown below.  Place a rule at the top of your TP policy matching the ESM traffic you wish to exclude, and put the null profile in the Action field; this will completely exclude that traffic from TP inspection.  If you have more than one TP layer (not common), the rule with the null TP profile needs to be placed at the top of all of them.  Note that this null profile technique is very different from a TP exception, which will not save any overhead.  If this substantially improves ESM speed, you need to tune your TP configuration.

If that doesn't improve things, check your APCL/URLF rules/layer and make sure that you are not using a Destination of "Any" in those rules (use "Internet" instead) to avoid pulling this ESM traffic into the Medium path for unnecessary inspection.  Also make sure that you do not have any Limit actions set in your APCL/URLF rules or the QoS blade enabled with limits configured which might be slowing down the ESM traffic.

null.jpg

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos