Phone Lines icon GFI Support Home Start a conversation Sign in
Start a conversation
  1. KerioControl
  2. KerioControl - Performance
  3. Articles

Improving Speed performance

Overview

While having Internet speed drops with Kerio Control, several firewall features might be causing such issues. As a result, users may face Internet outages, connectivity, and ping problems while connecting to the firewall.

As Kerio Control is designed to be functioning as a UTM solution, the speed is limited by functional areas of the product. Apart from the product features, the speed performance might be throttled by external factors.

This article provides details on Speed test results for hardware boxes and how certain functionality is affecting the Download/Upload speed.

Solution

While conducting dozens of speed tests and measurements, Kerio Control team has identified key reasons why you might experience a severe reduction in speed performance. The common ones are listed below.

Important: all the tests were held with a ~1Gb link (ISP contracted speed).

Browser vs App

It's recommended to use speed test applications, instead of Browsers, that might have additional plugins, or security protection/tracking features enabled, etc.

You should perform tests using a modern PC with an appropriate CPU and RAM specs. It's advisable to have at least 4 core CPU and 16 GB of RAM.

WiFi vs Cable

Important: applicable only for NG100W and NG300W boxes.

While measuring the speed, please use a Cable LAN connection to the box. WiFi measuring depends a lot on the environment itself.

General WiFi signal factors

  1. Old Wifi Band and low Channel values. Using the 5GHz ac band and the highest channel available is advisable. Changing the band from 2.4 to 5 GHz allows improving the speed dramatically in a normal domestic environment.
    Screen_Shot_2020-12-25_at_12.49.49_PM.png
    Note: unless other settings are instructed by the Support team.
  2. Box location and WiFi antenna direction. To cover offices of more than 70-100 square meters with a wireless network (i.e. "punching" thick walls) often require more powerful Wi-Fi equipment. Additionally, wireless boxes need open spaces, away from walls and obstructions. You'll get a better signal if it's surrounded by open-air (which should prevent the router from overheating, too). Keep it away from heavy-duty appliances or electronics as well, since running those in close proximity can impact Wi-Fi performance.
  3. Interference with other WiFi networks. If there are too many WiFi networks in your area using the same Band settings, the connection might slow down. Please consider using 5 GHz, however, some older client devices (PCs, mobile phones, tablets, etc) might be not capable of supporting this standard.

Hardware box CPU specs

Running speed test is stressing out the hardware processor mostly.

The time period when the tests were held

Screen_Shot_2020-12-25_at_10.54.54_AM.png

Depending on your hardware box specs, the speed results may show different results. The important part is playing the client's PC specs as well.

NG100W (Macbook Air with 16 GB RAM and 4-core CPU)

WiFi connection

Screen_Shot_2020-12-25_at_12.11.47_PM.png

Cable

Screen_Shot_2020-12-25_at_10.39.18_AM.png

NG300W cable (Macbook Pro with 8 GB RAM and 4-core CPU)

macbook_ng300w_app.png

NG500 cable with different servers (Windows PC with 8 GB RAM + 8-core CPU)

Screen_Shot_2020-12-29_at_11.22.53_AM.pngScreen_Shot_2020-12-29_at_11.23.44_AM.pngScreen_Shot_2020-12-29_at_11.24.36_AM.pngScreen_Shot_2020-12-29_at_11.26.25_AM.png

Note: NG510/NG511 boxes are showing identical results in a 1Gb environment.

NG110 cable connection (Windows PC with 24 GB RAM + 4-core CPU)

9.3.4 version

speedtest_ng110_cable.png

9.3.5 version

speedtest_ng110_cable_9_3_5.png

9.3.5 with a better server

speedtest_ng110_cable_9_3_5_nashnet.png

NG310 cable with different servers (Windows PC with 8 GB RAM + 8-core CPU)

Screen_Shot_2020-12-29_at_1.01.47_PM.pngScreen_Shot_2020-12-29_at_1.02.53_PM.png

Screen_Shot_2020-12-29_at_1.03.51_PM.pngScreen_Shot_2020-12-29_at_1.04.54_PM.png

 

Important: please consider upgrading to the new equipment, NG110/NG310/NG510/NG511 boxes, as they are using a modern CPU with better specifications.

 

Server location, Ping and Jitter

An important role plays the speed server you're measuring against. Each server has individual specs, that affect ping, jitter, and traffic percentage loss values.

It's recommended to perform several tests using different servers. The speed tests are artificial ways to identify the real Internet performance. Accessing each website or non-HTTP resource will show different results in most cases.

 

VM Resource Allocation

It is not uncommon for server virtualizing machines to have more vCPUs allocated than the host provides. In such circumstances, resource weights/shares should be higher for KerioControl for continued optimal speeds.

In Hyper-V, set a higher "Relative Weight" for the VM's setting for Hardware, Processor.

In VMware, set the VM's Resource Settings to "High" to allocate twice as many shares of CPU and Memory.

 

Kerio Control features

If you require a higher Download/Upload speed, you may consider disabling particular Kerio Control advanced functionality.

IPS and Antivirus

Disabling IPS and Antivirus showed an improvement in 5-10% Download and 20-30% Upload speed. These key features for protecting users against network threats are consuming a major part of Internet speed.

Application Awareness and Content Filter

Disabling Application awareness and Content Filter showed a 15-20% improvement in download speed.

Screen_Shot_2020-12-25_at_11.54.18_AM.png

Bandwidth Management

If you have custom Bandwidth management and QoS configured, make sure to not limit the data for Large data transfers option.

Screen_Shot_2020-12-25_at_11.39.41_AM.png

If the data is limited to a certain value (i.e. 10 Mbit/s), the speed results will show the appropriate performance.

Screen_Shot_2020-12-25_at_11.38.00_AM.png

If you're connecting from the external network through VPN, consider testing with and without "Use rules for VPN tunnels before encrypting" option. Depending on traffic rules, disabling or enabling that checkbox might improve the speed.

IPsec VPN vs Kerio VPN

If you're using an IPsec VPN connection using PSK or certificate, you will notice a significant Speed drop, compared to the Kerio VPN client.

Windows native IPSec with PSK auth (NG500 cable)

Screen_Shot_2020-12-29_at_11.49.09_AM.png

Kerio VPN client ("VPN tunnels before encrypting" is disabled)

Screen_Shot_2020-12-29_at_11.58.48_AM.png

"VPN tunnels before encrypting" is enabled

Screen_Shot_2020-12-29_at_12.01.28_PM.png

System uptime

For continuous network protection, Kerio Control is using database and signatures updates. While performing the speed test straight after the Kerio Control box reboot, you might see better Download/Upload results.

Screen_Shot_2020-12-25_at_12.11.47_PM.png

 

Final considerations

Disabling all the above-mentioned features (together with VPN server) and meeting all the testing criteria might help you to achieve the best speed performance of your Kerio Control box. However, disabling these features is not recommended, as UTM functionality protects from intruders and viruses.

Screen_Shot_2020-12-25_at_12.04.55_PM.png

 

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments