Disable Bandwidth management on the USG60

AndreasC

Hi there,

I have an USG60 box with the latest firmware 4.35(AAKY.3) hooked to a 300Mbit Fiber connection. When i have the firewall enable i get around 40mbit max , the minute i disable the firewall i get the full 300mbit, how i go about an disable any bandwidth management (the BGW is disabled) or fix this issue?

BR

Andreas

jasailafan

In our office, we get ISP 300 Mbps.

firmware version- 4.35(AAKY.3)

Default configuration file with firewall enabled

Run test at speedtest.net.

Download speed- 232.68 Mbps

Zyxel_Charlie

@AndreasC

Can I know did you enable the UTM service, ex: CF, App patrol, or AV...? Since the device will check every packets if enable one of function, therefore, the performance may be effect.

AndreasC

Hi Charlie,

Indeed i have enabled AV, when i disable it all ok, however dropping down to 40mbit or so is not really acceptable, any tuning i can make there?

Andreas

Zyxel_Charlie

@AndreasC
The throughput will be affect when you enable the Firewall or UTM profiles.
Since the firewall need to check and analyze each packet, therefore,  it will consume numerous performance.

On my lab, when enable AV, the throughput is 61.48Mbp/s. 
However, the statistic of throughput may be different by test machine or test process or test environment.

AndreasC

Thanks for the reply Charlie, Question the  throughput is limitation on the hardware of a % of the bandwidth, meaning if upgrade my speed to 600mbit would be able to achieve better results? or i have to upgrade my hardware say to USG110 or USG210 ?

Thanks
Andreas

Zyxel_Charlie

@AndreasC
To get better performance with enabled AV, 
you can consider to upgrade higher level of hardware.
The spec of USG110/210
https://www.zyxel.com/products_services/Unified-Security-Gateway-USG110-210-310/comparison#specifications

AndreasC

Hi Charlie, do the USG 110/210/310 have Setup wizards for enable the various UTM services?
From what i understand there is no easy mode for those boxes but i am not sure if that means
also there are not UTM wizards. On another question can the USG60 box acts as fail over over
the biggest box say USG210? for example if the USG 210 fails can the USG60 take over?

BR
Andreas

Zyxel_Charlie

@AndreasC
You can set the UTM services via "Security Service Wizard", however, the further configuration, you still need to configure via Expert mode.

As your mentioned, "USG 210 fails can the USG60 take over", do you mean HA-Pro scenario? 
If you need the devices do failover, the devices need to be the same model. 

AndreasC

Hi Charlie,
thanks for follow up, yes i meant HA-Pro scenario..i guess then in my case it will not work since i plan to get a higher model from the USG60. From the specs i understand USG210 and onwards do not come with a Easy mode thus no service wizard. Please clarify.

BR
Andreas

itxnc

That seems REALLY low for a USG60. We can usually push our USG40s to 70-80mbps with AV/CF/IDP enabled on a speed test. With a USG60, you should certainly get more than you are. Do you have any of the CPU intensive things like SecuReporter Traffic Logging, Bandwidth Mgmt, etc enabled?