To clarify further... In this situation, we are downgrading to a T1 (1.5Mbit/1.5Mbit) connection from a new service provider. The current connection is 3Mbit/3Mbit, works, but is insanely expensive (way more than twice the price). Locked into a service agreement. Switching will basically save enough money to not have to lay a person off... So it's pretty important than this works acceptably.
During this new firewall installation, someone decided to run Windows Updates on a four computers. Previously, this would not have choked the network, but with the new firewall (and new T1), it is choking it. Choking it dead. The four machines appear to contend for connectivity but after a few minutes, a couple of them just stall, one slows way down to a crawl and another stills keeps going (slower). Trying to browse the web on another computer is pretty much impossible. It's all bogged down. I have removed the dual WAN situation from the puzzle. Restored Factory Defaults and set up pfSense with a single IP and default rules. It is still doing this. Unfortunately, I'm really not sure if this saturation is exactly what I should be expecting... I've never really had this slow a network nor have I had the need to bog it down, so I've never run into this. Unfortunately, this isn't acceptable so I need to find a solution. I would have throught that pfSense would be able to evenly distribute the requests an dataflow. I did replace the pfSense box with a cheapo DD-wrt router, just to see if the same results happen. And they did... 1.5Mbit cap maxed out... crawling updates, unable to browse the web. I was looking at maybe Traffic Shaping, but I am confused as to if I need to go that far. For some reason my mind is locked on the idea that the firewall should be able to do this almost as a default. Just distribute the load... basically divide the connection evenly.... I don't think 4 machines running windows update should cripple internet access to everyone else.. This is a small paper publishing company. Their web based CRM is hosted off-premises (so access to this needs to be quick all the time). Sales people browse the web (so quick access is always needed, but CRM is more important). The publishing department FTP files regularly (up and down, we don't want them saturating the connection and affecting everyone). Email is hosted externally (same thing). VPN access is needed (wouldn't want that to saturate it). Web Radio, YouTube, etc... This office houses about 20 people. Any suggestions or advice would be greatly appreciated. Regards, ChuckM -----Original Message----- From: Chuck Mariotti [mailto:cmario...@xunity.com] Sent: Tuesday, May 12, 2009 10:06 PM To: support@pfsense.com Subject: [pfSense Support] T1 Saturating - Windows update kills the connection... ?? I have a T1 connection going through pfSense. When I run windows update on a computer, the internet grinds to a halt. If I run multiple windows updates, the internet is completely unusable. pfSense Traffice graph is pegged at 1.5... obviously the max, but for some reason, it's not sharing nicely. I have set this up with dual WAN, with the primary as the T1. I'd really hate to roll back things now, as I'm in the middle of the deploy. Any suggestions out there? ChuckM --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
