dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1145
share rss forum feed

jmw

join:2012-08-05
Cary, NC

[TWC] Watchguard Firewalls

Anyone using a watchguard firewall behind their TW modem?

Since using the device I've never been able to get the exact speeds that I'm paying for but always close. I currently have 50/5 package and I use to get close between 42down-45down/4.45up average. Now I'm barely getting over 30down and 5.05up. I'm not sure if it's a setting in my firewall (couldn't be because I haven't changed anything) or something with my singals or the modem. I work from home as a remote IT agent for my company based on FLA so I need my watchguard to establish a site-to-site vpn tunnel. Here are my speeds currently.



And here is my modems numbers.

Cable Modem Downstream
DS-1 DS-2 DS-3 DS-4
Frequency 615000000 603000000 609000000 621000000
Lock Status Locked Locked Locked Locked
Channel Id 3 1 2 4
Modulation 256QAM 256QAM 256QAM 256QAM
Symbol Rate
(Msym/sec) 5.360537 5.360537 5.360537 5.360537
Interleave Depth I=32
J=4 I=32
J=4 I=32
J=4 I=32
J=4
Power Level
(dBmV) 1.6 1.5 1.8 1.5
RxMER
(dB) 39.40 39.90 39.90 39.70
Correctable
Codewords 5677 11861 11879 12465
Uncorrectable
Codewords 0 81 30 25

Channel Type 1.1 N/A N/A N/A
Channel Id 12 N/A N/A N/A
Frequency
(HZ) 34600000 N/A N/A N/A
Ranging Status Success N/A N/A N/A
Modulation 16QAM N/A N/A N/A
Symbol Rate
(Ksym/sec) 2560 N/A N/A N/A
Mini-Slot Size 4 N/A N/A N/A
Power Level
(dBmV) 36.4 N/A N/A N/A
T1 Timeouts 0 N/A N/A N/A
T2 Timeouts 0 N/A N/A N/A
T3 Timeouts 0 N/A N/A N/A
T4 Timeouts 0 N/A N/A N/A

Status

Cable Modem Status
Item Status Comments
Acquired Downstream Channel 615.000000 MHz Primary Downstream Locked
Ranged Upstream Channel 34.600000 MHz Success
CM Provisioning State OK Operational

Logs

Cable Modem Event Log
First Time Last Time Priority Description
Sun Sep 30 09:15:35 2012 Sun Sep 30 09:15:35 2012 Notice (6) Web user logged in from 71.77.13.50
Sat Sep 29 08:55:06 2012 Sat Sep 29 08:55:06 2012 Notice (6) Web user logged in from 174.97.218.247
Thu Sep 27 16:49:22 2012 Thu Sep 27 16:49:22 2012 Notice (6) TLV-11 - unrecognized OID;CM-MAC=90:6e:bb:f1:11:74;CMTS-MAC=0...
Thu Sep 27 16:49:20 2012 Thu Sep 27 16:49:20 2012 Error (4) Missing BP Configuration Setting TLV Type: 17.9;CM-MAC=90:6e:...
Thu Sep 27 16:49:20 2012 Thu Sep 27 16:49:20 2012 Error (4) Missing BP Configuration Setting TLV Type: 17.8;CM-MAC=90:6e:...
Time Not Established Time Not Established Warning (5) DHCP WARNING - Non-critical field invalid in response ;CM-MAC...
Sun Sep 09 13:28:15 2012 Sun Sep 09 13:28:15 2012 Critical (3) SYNC Timing Synchronization failure - Failed to acquire QAM/Q...
Thu Sep 06 16:19:47 2012 Thu Sep 06 16:19:47 2012 Critical (3) REG RSP not received;CM-MAC=90:6e:bb:f1:11:74;CMTS-MAC=00:01:...
Wed Jul 04 09:45:51 2012 Wed Jul 04 09:45:51 2012 Critical (3) Started Unicast Maintenance Ranging - No Response received - ...
Fri Jul 06 02:12:00 2012 Fri Jul 06 02:12:00 2012 Critical (3) SYNC Timing Synchronization failure - Failed to receive MAC S...
Sun Aug 05 21:37:37 2012 Sun Aug 05 21:37:37 2012 Critical (3) Resetting the cable modem due to docsDevResetNow
Thu Jul 26 16:12:38 2012 Thu Jul 26 16:12:38 2012 Critical (3) SYNC Timing Synchronization failure - Failed to acquire QAM/Q...
Thu Jul 26 16:12:10 2012 Thu Jul 26 16:12:10 2012 Critical (3) SYNC Timing Synchronization failure - Failed to acquire FEC f...
Thu Jul 26 16:06:18 2012 Thu Jul 26 16:06:18 2012 Critical (3) Received Response to Broadcast Maintenance Request, But no Un...
Sun Sep 09 13:28:11 2012 Sun Sep 09 13:28:11 2012 Critical (3) SYNC Timing Synchronization failure - Failed to acquire FEC f...
Time Not Established Time Not Established Critical (3) No Ranging Response received - T3 time-out;CM-MAC=90:6e:bb:f1...
Time Not Established Time Not Established Critical (3) No Ranging Response received - T3 time-out;CM-MAC=90:6e:bb:f1...
Time Not Established Time Not Established Critical (3) Started Unicast Maintenance Ranging - No Response received -


swintec
Premium,VIP
join:2003-12-19
Alfred, ME
kudos:5
Reviews:
·Time Warner Cable
·VoicePulse
·Sprint Mobile Br..
·RapidVPS

One thing you could try is plugging one machine directly into modem to see what you get. This would help you narrow down where the issue lies.
--
Usenet Block Accounts | Unlimited Accounts



Jabbu
Premium
join:2002-03-06
reply to jmw

What model is it?

Did you check to see WAN is set to full duplex?


jmw

join:2012-08-05
Cary, NC

It's the Watchguard Firebox Edge X20e



Jabbu
Premium
join:2002-03-06
reply to jmw

Take link speed off automatic and select full in the external network config.


jmw

join:2012-08-05
Cary, NC

OK. It was set to automatic and I've changed it to full.

This is what I'm getting now. Should I do anything with any other settings or attempt to determin my mtu?



Jabbu
Premium
join:2002-03-06
reply to jmw

tunnels off while testing?

Try a computer direct to modem and see what speeds you are getting. The signals you posted looked good.

Is that a ubee 3611 modem?


jmw

join:2012-08-05
Cary, NC
reply to jmw

Well plugged directly into the modem, got an ip address, did a speed test, and just like magic I'm getting 50/5. I know it's the watchguard. I just don't know what settings there could be that's crippling my connection.


daveinpoway
Premium
join:2006-07-03
Poway, CA
kudos:2

I am not familiar with that exact model, but, in general, UTM (Unified Threat Management) security appliances can do various tasks (deep-packet inspection, anti-virus scans, etc.) in order to insure that the data reaching your network is uninfected. Unfortunately, these services eat up a lot of CPU power and can cause slowdowns in the WAN-to-LAN speed.

A good place to start would be to turn off all of the UTM services except NAT and do a speed test. Then, you can turn the various services on, one at a time, and see which one(s) impact your speed the most. If the services which cause the most slowdown are ones that you can't live without, you will need to get a more powerful (and more expensive) appliance, which will have a faster CPU, more RAM, etc.



kontos
xyzzy

join:2001-10-04
West Henrietta, NY
reply to jmw

said by jmw:

I just don't know what settings there could be that's crippling my connection.

I'd check to make sure that you don't have a default route pointing to your VPN connection.
Only send the traffic that needs to be on the VPN over that connection.


s1deout
Geek4Life
Premium
join:2003-12-10
Troy, OH
kudos:2
reply to jmw

You should ditch the watchguard and go pfsense. Put it on a spare PC and it will blow your watchguard away.


jmw

join:2012-08-05
Cary, NC

Looking into it now, just wondering does it support site-to-site vpn? That's the main reason why I have the watchguard or at least stick with it.



s1deout
Geek4Life
Premium
join:2003-12-10
Troy, OH
kudos:2

Pfsense is like the Linux Cisco - it can do site to site and GRE tunneling as well.

Plus it has tons of 3rd party developed add in apps for it.