Analysis of low speed to www.speedtest.com via USG5530

Publication Date: 2014-08-30
Issue Description
1. The topology is simply shown below:

2. With no UTM feature enabled on the USG, the test speed on www.speedtest.net is about 29Mbps.

3. After the AV and Application Control policies are enabled, the download speed on www.speedtest.net drops rapidly to 0.49Mbps.

Alarm Information
None
Handling Process
1. Add a new policy to permit the IM_IRC_CHAT protocol.

2. The test speed on www.speedtest.net returns to normal.
Root Cause
On www.speedtest.net, the test speed drops when AV is enabled and IRC_Chat is blocked. The reason is:
1. Packet analysis of the speedtest website shows that when it starts downloading to test the bandwidth, speedtest uses IRC_Chat packets, which use TCP with destination port 8080. If the IRC_Chat packets are blocked on the USG, speedtest switches to HTTP (port 80) packets to test the speed.

2. Enabling only AV or only Application Control does not affect the test speed. Below is the analysis result:
1) With only AV enabled, speedtest uses IRC_CHAT packets to test. IRC_CHAT packets are not sent to the AV module for checking, so the test speed is OK.
2) With only Application Control enabled, the USG blocks the IRC_Chat packets and speedtest then uses HTTP packets to test. Because AV is disabled, the speedtest HTTP packets are not sent to the AV module, so the test result is OK.

3. When both AV and Application Control are enabled and IRC_Chat is blocked, speedtest falls back to HTTP packets once IRC_Chat is blocked, so a large number of HTTP packets are sent to the AV module for scanning, which reduces USG performance.
If AV and Application Control are enabled but IRC_Chat is permitted, the IRC_Chat packets are not sent to AV scanning, and the test shows good speed.
Suggestions
When application traffic through the USG firewall is abnormal, capture the packets to analyze the protocol and its interaction procedure, and make sure the USG does not block packets mistakenly.
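
The capture analysis suggested above can be scripted to show which port stalled and where the traffic moved. This is an added example, not part of the original case: it assumes a client-side capture saved as `tcpdump -nn` text, and the addresses, packets and the "stalled, then moved" heuristic are constructed for illustration.

```python
import re

# Constructed sample in `tcpdump -nn` text format (documentation addresses, not
# packets from the original case): TCP 8080 gets no answer, then the client
# retries the download over port 80.
SAMPLE = """\
12:00:01.000000 IP 192.0.2.10.51000 > 198.51.100.20.8080: Flags [S], seq 100, win 65535, length 0
12:00:02.000000 IP 192.0.2.10.51000 > 198.51.100.20.8080: Flags [S], seq 100, win 65535, length 0
12:00:04.000000 IP 192.0.2.10.51000 > 198.51.100.20.8080: Flags [S], seq 100, win 65535, length 0
12:00:05.000000 IP 192.0.2.10.51001 > 198.51.100.20.80: Flags [S], seq 200, win 65535, length 0
12:00:05.010000 IP 198.51.100.20.80 > 192.0.2.10.51001: Flags [S.], seq 300, ack 201, win 65535, length 0
12:00:05.020000 IP 192.0.2.10.51001 > 198.51.100.20.80: Flags [P.], seq 201:401, ack 301, win 65535, length 200
12:00:05.050000 IP 198.51.100.20.80 > 192.0.2.10.51001: Flags [.], seq 301:1761, ack 401, win 65535, length 1460
12:00:05.060000 IP 198.51.100.20.80 > 192.0.2.10.51001: Flags [.], seq 1761:3221, ack 401, win 65535, length 1460
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\].*length (\d+)")

def summarize(capture):
    """Per server endpoint: client SYN count, server payload bytes, first-seen order."""
    stats = {}
    for order, line in enumerate(capture.splitlines()):
        m = LINE.search(line)
        if not m:
            continue
        src, dst = (m[1], int(m[2])), (m[3], int(m[4]))
        if m[5] == "S":  # bare SYN: the destination is the server endpoint
            ep = stats.setdefault(dst, {"syn": 0, "server_bytes": 0, "first": order})
            ep["syn"] += 1
        elif src in stats:  # segment sent by a known server endpoint
            stats[src]["server_bytes"] += int(m[6])
    return stats

def find_fallbacks(stats):
    """Pairs (stalled, carrying): an endpoint that returned no payload, followed
    later by a different port that did (heuristic assumed for this example)."""
    stalled = [ep for ep, s in stats.items() if s["server_bytes"] == 0]
    carrying = [ep for ep, s in stats.items() if s["server_bytes"] > 0]
    return [(a, b) for a in stalled for b in carrying
            if a[1] != b[1] and stats[b]["first"] > stats[a]["first"]]

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for (ip, port), s in stats.items():
        print(f"{ip}:{port} syn={s['syn']} server_bytes={s['server_bytes']}")
    for (_, old), (_, new) in find_fallbacks(stats):
        print(f"port {old} returned no data; traffic moved to port {new}")
```

A port that stalls while the load moves to a port an inspection profile covers is the pattern to compare against the policy hit counters on the firewall.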
