Firewall: Slow gigabit throughput on CIS_Setup_3.8 and 3.9

blkcamarozr28 · May 18, 2009, 11:21pm

Im running the Free Firewall with Defense+ and no AV. The gigabit throughput with the firewall on is about 300Mbps download and 600Mbps upload. With the “COMODO Internet Security Firewall Driver” unbound from my TCP/IP interface i get 700Mbps+ down and up. Testing was done on a Cisco 3560G switch and the speedtest server is on the local lan segment.

Does Comodo’s firewall driver slow packets down that much when its enabled? ???

Tested on both Windows XP SP3 and Vista Ultimate.
CIS_Setup_3.8.65951.477_XP_Vista_x32
CIS_Setup_3.9.76924.507_XP_Vista_x32

languy99 · May 19, 2009, 12:53am

what are your attack detection settings?

blkcamarozr28 · May 19, 2009, 1:01am

Intrusion Detection →
TCP Flood 20 packets 20 seconds
UDP Flood 20 packets 20 seconds
ICMP Flood 20 packets 20 seconds

Miscellaneous →
Block Fragmented IP Datagrams (Checked)

I tried unchecking “Block Fragmented IP Datagrams” but it made no difference in throughput speed.

languy99 · May 19, 2009, 1:15am

is anything else checked such as:

protect arp cache

block gratuitous arp frames

or anything else on the mic tab?

Also did you do a clean install or did you upgrade and what version of 3.9 do you have? .507, .508 , .509 ?

blkcamarozr28 · May 19, 2009, 1:32am

Nothing else is checked other then what was listed above. This is a completely default install with no custom tweaks. Also, when I tested the 3.9 I uninstalled 3.8 first and then installed 3.9 from the setup files.

Currently running CIS_Setup_3.9.76924.507_XP_Vista_x32. I assume this is 507? I just downloaded this from the website today.

languy99 · May 19, 2009, 1:42am

go to the mic tab in the main UI and check for updates, there should be one. The newest version is .509, they just have not posted it on the front site.

blkcamarozr28 · May 19, 2009, 4:40am

Just checked and it is running the latest ver (509). Any other ideas?

languy99 · May 19, 2009, 4:42am

Nope sorry maybe someone who knows more than me can help.

rhgtyink · May 19, 2009, 7:15am

Can you tell me what speedtest tool you use and what settings the tests are done with ?

blkcamarozr28 · May 19, 2009, 5:40pm

I have a Visualware speedtest server on my local LAN setup to test. Also, I’ve tested with iperf and the results was always slower when the Comodo Firewall driver was bonded to the TCP/IP nic interface.

rhgtyink · May 19, 2009, 6:48pm

I often use TTCP but have not tested 3.9 with it, are the error counters on your Cisco box clean ? and do they resemble the same 5 min avg in/out load for the traffic ? (or maybe set “load-interval 30” to have faster updates).

Are any of those tools free to use ?

And one other thing, have you tested it with the driver attached to the NIC and the FW set to disable ?
Is it still slowing the system down ?

blkcamarozr28 · May 19, 2009, 8:52pm

As for the Cisco switch its showing no errors, CRC, etc…

Visualware has a free 30day trial, where IPerf is a free utility (one side is server and the other side is client).
Just googled iperf.exe and found it on this site http://www.noc.ucf.edu/Tools/Iperf/iperf.exe
Its a slightly older version but it still works fine.

From a windows dos terminal type:
iperf -su (Workstation #1)
iperf -c 192.168.1.1 -b 1000M -t 30 (Workstation #2- *Note- 192.168.1.1 is the ip of Workstation#1)

When I have FW/Defense disabled it still runs slow, but the second i unbind it from the TCP/IP properties its blazing fast. That’s why i have a hunch its how the fw driver is shimmed on the nic interface.

rhgtyink · May 19, 2009, 9:16pm

I’ll compare my results tomorrow when a ran a few TTCP tests… I’ll be back

blkcamarozr28 · May 20, 2009, 3:34am

Here is my IPERF testing done.

Test w/o Comodo FW bound to TCP/IP NIC Interface
Test w/ Comodo FW bound and FW/Defense+ Enabled
Test w/ Comodo FW bound and FW/Defense+ Disabled

Each test was done twice.
Only Workstation #1 has Comodo installed.
Iperf setup to run 2 processes with 128KByte TCP window size for 30 seconds.
Both computers setup on same Cisco 3560G (GigaBit Switch running at Giga).

==Test w/o Comodo FW bound to interface==
workstation #1
iperf -s -w 128k
workstation #2
iperf -c 192.168.1.1 -w 128k -P 2 -t 30

Run1:
[ ID] Interval Transfer Bandwidth
[236] 0.0-30.0 sec 1.27 GBytes 364 Mbits/sec
[208] 0.0-30.0 sec 1.27 GBytes 363 Mbits/sec
[SUM] 0.0-30.0 sec 2.54 GBytes 727 Mbits/sec

Run2:
[ ID] Interval Transfer Bandwidth
[268] 0.0-30.0 sec 1.28 GBytes 365 Mbits/sec
[196] 0.0-29.9 sec 1.28 GBytes 367 Mbits/sec
[SUM] 0.0-30.0 sec 2.55 GBytes 730 Mbits/sec

==Test with Comodo FW bound to interface & FW/Defense+ enabled on Workstation#1==
workstation #1
iperf -s -w 128k
workstation #2
iperf -c 192.168.1.1 -w 128k -P 2 -t 30

Run1:
[ ID] Interval Transfer Bandwidth
[196] 0.0-30.0 sec 684 MBytes 191 Mbits/sec
[204] 0.0-30.0 sec 690 MBytes 193 Mbits/sec
[SUM] 0.0-30.0 sec 1.34 GBytes 385 Mbits/sec

Run2:
[ ID] Interval Transfer Bandwidth
[216] 0.0-30.0 sec 670 MBytes 187 Mbits/sec
[236] 0.0-30.0 sec 699 MBytes 196 Mbits/sec
[SUM] 0.0-30.0 sec 1.34 GBytes 383 Mbits/sec

==Test w/ Comodo FW bound to interface but FW/Defense+ disabled on Workstation#1==
workstation #1
iperf -s -w 128k
workstation #2
iperf -c 192.168.1.1 -w 128k -P 2 -t 30

Run1:
[ ID] Interval Transfer Bandwidth
[224] 0.0-30.0 sec 651 MBytes 182 Mbits/sec
[212] 0.0-29.5 sec 740 MBytes 210 Mbits/sec
[SUM] 0.0-30.0 sec 1.36 GBytes 389 Mbits/sec

Run2:
[ ID] Interval Transfer Bandwidth
[200] 0.0-30.0 sec 683 MBytes 191 Mbits/sec
[220] 0.0-30.0 sec 708 MBytes 198 Mbits/sec
[SUM] 0.0-30.0 sec 1.36 GBytes 389 Mbits/sec

blkcamarozr28 · May 21, 2009, 7:54pm

Anyone else run IPERF and get similar numbers on a gigabit network?

rhgtyink · May 22, 2009, 9:27am

My hardware is limiting me i think but here are my results:
I tested only the Transmit speed of the CIS host.

[b]With the Firewall driver attached to the NIC[/b] C:\Data\Tools\Ttcp>ttcp.exe -t -fm -n 80000 -l 16000 SpeedtestReceiver PCAUSA Test TCP Utility V2.01.01.08 TCP Transmit Test Transmit : TCP -> SpeedtestReceiver:5001 Buffer Size : 16000; Alignment: 16384/0 TCP_NODELAY : DISABLED (0) Connect : Connected to SpeedtestReceiver:5001 Send Mode : Send Pattern; Number of Buffers: 80000 Statistics : TCP -> SpeedtestReceiver:5001 1280000000 bytes in 26.57 real seconds = [b]367.58 Mbit/sec +++[/b] numCalls: 80000; [b]msec/call: 0.34; calls/sec: 3011.25[/b]

[b]With the Firewall driver detached from the NIC[/b] C:\Data\Tools\Ttcp>ttcp.exe -t -fm -n 80000 -l 16000 SpeedtestReceiver PCAUSA Test TCP Utility V2.01.01.08 TCP Transmit Test Transmit : TCP -> SpeedtestReceiver:5001 Buffer Size : 16000; Alignment: 16384/0 TCP_NODELAY : DISABLED (0) Connect : Connected to SpeedtestReceiver:5001 Send Mode : Send Pattern; Number of Buffers: 80000 Statistics : TCP -> SpeedtestReceiver:5001 1280000000 bytes in 19.83 real seconds = [b]492.54 Mbit/sec +++[/b] numCalls: 80000; [b]msec/call: 0.25; calls/sec: 4034.90[/b]

The difference of this quick test 1000 calls/sec less with the driver attached. 7 seconds less to run the same test. 0.09ms penalty per call.

ajp · May 24, 2009, 10:35am

Same problem here, I notice a significant drop in performance when copying files FROM my NAS. Almost half the regular throughput. Copying files TO the NAS doesn’t seem to suffer much at all…

I’d really appreciate a fix or workaround soon, I’d hate to have to uninstall it…

folk · May 25, 2009, 3:04pm

Exact Same problem here . :-[

Hope it’s will be fixed soon .

I really like Comodo

rhgtyink · May 25, 2009, 3:14pm

Can you guy’s please post one bug report here and fill it with all relevant information ?

https://forums.comodo.com/firewall_bugs-b151.0/

Remember please one post for this bug, if you have the same issue please post the requested info in that report.

blkcamarozr28 · May 26, 2009, 7:19pm

Created bug report. Thanks!
https://forums.comodo.com/firewall_bugs/firewall_slow_gigabit_throughput_on_cissetup38_and_39-t40190.0.html