Endpoint Protection

 View Only

  • 1.  SEP 12.1.6 MP6 Firewall Optimization?

    Posted Nov 16, 2016 04:52 PM

    Hello Followers of the Gold and Black.

    I received a call from our networking folks, and they felt that the SEP firewall was affecting data throughput by an unacceptable amount. Below are two iperf sessions, the first with the firewall enabled, and the second with it disabled (not uninstalled). Are there any types of firewall rules I could look at modifying to help increase the data throughput? Or something else in the console I chould check to improve the situation?

    Here are the two sessions, as you can see it's a pretty significant difference with the SEP firewall off.

    User@Machine:~$ iperf -c 123.123.123.123 -p 139 -i 1
    ------------------------------------------------------------
    Client connecting to 123.123.123.123, TCP port 139
    TCP window size: 85.0 KByte (default)
    ------------------------------------------------------------
    [  3] local 123.123.123.1 port 56031 connected with 123.123.123.123 port 139
    [ ID] Interval       Transfer     Bandwidth
    [  3]  0.0- 1.0 sec  18.0 MBytes   151 Mbits/sec
    [  3]  1.0- 2.0 sec  20.0 MBytes   168 Mbits/sec
    [  3]  2.0- 3.0 sec  18.6 MBytes   156 Mbits/sec
    [  3]  3.0- 4.0 sec  19.5 MBytes   164 Mbits/sec
    [  3]  4.0- 5.0 sec  19.5 MBytes   164 Mbits/sec
    [  3]  5.0- 6.0 sec  19.0 MBytes   159 Mbits/sec
    [  3]  6.0- 7.0 sec  19.8 MBytes   166 Mbits/sec
    [  3]  7.0- 8.0 sec  20.5 MBytes   172 Mbits/sec
    [  3]  8.0- 9.0 sec  19.9 MBytes   167 Mbits/sec
    [  3]  9.0-10.0 sec  19.8 MBytes   166 Mbits/sec
    [  3]  0.0-10.0 sec   195 MBytes   163 Mbits/sec


    User@Machine:~$ iperf -c 123.123.123.123 -p 139 -i 1
    ------------------------------------------------------------
    Client connecting to 123.123.123.123, TCP port 139
    TCP window size: 85.0 KByte (default)
    ------------------------------------------------------------
    [  3] local 123.123.123.1 port 56032 connected with 123.123.123.123 port 139
    [ ID] Interval       Transfer     Bandwidth
    [  3]  0.0- 1.0 sec  83.4 MBytes   699 Mbits/sec
    [  3]  1.0- 2.0 sec  85.8 MBytes   719 Mbits/sec
    [  3]  2.0- 3.0 sec  78.1 MBytes   655 Mbits/sec
    [  3]  3.0- 4.0 sec  66.6 MBytes   559 Mbits/sec
    [  3]  4.0- 5.0 sec  83.9 MBytes   704 Mbits/sec
    [  3]  5.0- 6.0 sec  82.0 MBytes   688 Mbits/sec
    [  3]  6.0- 7.0 sec  72.5 MBytes   608 Mbits/sec
    [  3]  7.0- 8.0 sec  67.9 MBytes   569 Mbits/sec
    [  3]  8.0- 9.0 sec  68.4 MBytes   574 Mbits/sec
    [  3]  9.0-10.0 sec  71.4 MBytes   599 Mbits/sec
    [  3]  0.0-10.0 sec   760 MBytes   637 Mbits/sec


    Thanks for your time,

    -Mike



  • 2.  RE: SEP 12.1.6 MP6 Firewall Optimization?

    Posted Nov 16, 2016 04:57 PM

    Seems more like a bug to me, similar to what occurred in a version of 12.1.2 . I'd suggest a call into support so they can review a pcap and have advanced logging enabled while re-producing the issue. I doubt it has anything to do with the amount of rules, you could check the Traffic log to see what's there. Also, could be something with the hardware and SEP.

    To test, create a new policy with only one allow all rule and see if that makes a difference.

    Also, what this normal prior to 12.1.6 MP6?