Question : SonicWall VPN throughput vs. ISA 2004 VPN troughput

Im just starting the process of implementing a SonicWall 4060. One of the key features we purchased this particular model for was the throughput speeds of its VPN.

The SonicWall is attached to our network perimeter and fully updated with the latest firmware, but not yet serving in any production capacity. At this point it is attached to the same mini-switch as our Microsoft ISA firewall that provides our current VPN access, so the topology of its network connection is the same as our ISA firewall. Before proceeding with shifting any services over to the new SonicWall, I did a speed comparison of our Microsoft VPN against the SonicWall VPN. What I discovered both surprised me and has left me in a untenable position. The SonicWall VPN is not only slower than our current ISA solution& its prohibitively slower. Below are examples:

Microsoft ISA VPN
1MB file takes 35 seconds
5MB file takes 180 seconds

SonicWall 4060
1MB file takes 145 seconds
5MB file takes 496 seconds (8 minutes, 16 seconds!)

I was hoping that I did something wrong with the SonicWall configuration- so I contacted technical support for assistance. We spent well over an hour tweaking the configuration and testing& and we were able to produce a marginal performance improvement (i.e. 1MB file down to 120 seconds), but we never got even close to an acceptable speed, much less my purchasing expectations. Even when we turned off every additional service and lowered the encryption to the DES, the SonicWall was still vastly slower than ISA. (1MB file down to 110 seconds).

Im truly at a loss. My expectation was that this very expensive hardware based firewall/VPN would easily outpace the software based one I already have in place. Instead& now I have a 6K+ piece of hardware whose VPN I cant implement or else my users will feel as though their remote connectivity got downgraded.

I'd greatly appriciate any insight you could provide.

Answer : SonicWall VPN throughput vs. ISA 2004 VPN troughput

This one was tricky... and we still haven't solved it, but I should close the question.

We believe that issue is related to a DMZ hub that both the ISA firewall and the Sonicwall device are connected to. The hypothesis is that the hub is slowing down the SonicWall in a manner that does not impact the ISA box (as much). Given that a hub should not be used in this manner... we are hoping that once we remove it from the equation, performance will improve.

Random Solutions

A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer.

How do I copy files with their ACLs to another file server in a different AD forest?

Reclaiming space on my ESXi server

Compile Error in Excel

Format of week column - converted from date column

problem of do while loop iin foxpro

Using TSADMIN.msc is there a way to tell which user is at a desktop, which is using remote app?

Access Server Error 15135

VSTO 2008 Deployment Project

Activate (Requery) a Combo Box w/ VBA