

ConfigServer Firewall Question-1Gbps Network Port




Posted by cmedik, 03-27-2015, 09:16 PM
Well, I've been working with my dedicated server provider over the last few weeks, asking about the 1Gbps network port, private and public. They did a test a week ago and said that since I am using about 70k CSF firewall rules, according to them that's why my port speed is slow. They said once they disabled it they were able to get the full speed, and when enabled it slowed it down. I do use the CC allow filter with about 7 entries only. So is it possible that CSF can slow a port speed down? Now I have done a tracert to the server; it's only 6 hops. But when I download or upload to them via FTP or download from them I max at 1.1 and sit there. Even when CSF is disabled I still only get that speed from my office, and it has a 1k up and down, averages about 850. Any other way to test the server for download speeds away from my office? Home and other servers I use are the same speed. But I am in Utah; they are in Philadelphia.

Posted by net, 03-28-2015, 12:00 AM
Moved > Hosting Security and Technology.

Posted by EpicNodes-Pravin, 04-01-2015, 04:15 AM
There are plenty of tools available with which you can check the download speed in different locations; just Google your query and you will get it.

Posted by cmedik, 04-05-2015, 12:48 PM
I was told my CSF had 70000 firewall rules, most of them from the CC allow filter, and was asking: could this affect bandwidth performance?

Posted by TheSHosting, 04-05-2015, 01:01 PM
When the number of rules increases, there'll be more work needed at the firewall/network layer based on the number of rules for the respective chains, and that will affect performance, I guess.

Posted by ItsChrisG, 04-05-2015, 01:59 PM
YES. You are overloading your network by having a ton of filtering rules to process. Why are you doubting what they said? It's easy to prove. Disable CSF then TEST. How do you think your server can process 70,000!!! Rules for every packet and connection it gets concurrently every MILLISECOND and you still get good performance?? Logic...

Posted by MichaelFindlay, 04-05-2015, 04:21 PM
I would reduce the number of rules inside your firewall. You can set CSF to only block up to a set number of IPs, and then as it runs out of space in the table it will remove the oldest. I would suggest dropping the number and seeing how it performs at this stage. It is also possible that you may have reached the point at which you may be looking at dedicated hardware in the form of a virtual server or pfSense or WatchGuard appliance, for example. How much bandwidth are you using on a daily basis?

Posted by cmedik, 04-05-2015, 08:34 PM
I just reduced the number of firewall rules. CSF allow was the issue, so I took everything out and everything is good and faster now.
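
Added example, not part of the original thread: iptables checks the rules in a chain one after another, so a per-chain rule count shows which list is producing the load the posters describe. The function names, the sample ruleset and its chain names are constructed for illustration.

```shell
#!/bin/sh
# Added example: count rules per chain in iptables-save output.

# count_rules: reads iptables-save text on stdin and prints
# "<count> <table>/<chain>", largest chain first.
count_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*filter" opens a table section
        {
            # "-A CHAIN ..." is one rule; with "iptables-save -c" a counter
            # field such as "[0:0]" comes first, so check fields 1 and 2.
            for (i = 1; i <= 2; i++)
                if ($i == "-A") { n[table "/" $(i + 1)]++; break }
        }
        END { for (c in n) print n[c], c }
    ' | sort -k1,1nr -k2,2
}

# over_limit N: prints only the chains holding more than N rules.
over_limit() {
    limit=$1
    count_rules | awk -v limit="$limit" '$1 > limit { print $2 }'
}

# Constructed sample ruleset (documentation address ranges, made-up chains).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:CC_ALLOWF - [0:0]
:LOCALINPUT - [0:0]
-A INPUT -j LOCALINPUT
-A LOCALINPUT -j CC_ALLOWF
-A CC_ALLOWF -s 192.0.2.0/24 -j ACCEPT
-A CC_ALLOWF -s 198.51.100.0/24 -j ACCEPT
-A CC_ALLOWF -s 203.0.113.0/24 -j ACCEPT
-A CC_ALLOWF -j DROP
COMMIT
EOF
}

# On a live server (as root):  iptables-save | count_rules | head
# On the sample:               sample_ruleset | over_limit 3
```

Running the count before and after trimming a country-code list gives a number to set beside the throughput test, rather than relying on the provider's estimate alone.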


