I'm in charge of maintaining a small network for a client (around 10-15 computers) that has an internet connection to the outside world of 100mbps (ironically, though, I just ran a speedtest bypassing the firewall completely, and got 115mbps).
Behind the Watchguard Firewall are a couple Cisco SG-200's (gigabit switches), and then Ubiquiti Unifi Wireless Access Points.
According to several resources I've read online (including http://www.guardsite.com/XTM-23.asp), this Watchguard XTM 23 (for which I've inherited the responsibility of maintaining) has a firewall throughput of 195mbps.
I also see it has an "XTM" throughput of 40mbps.
This is the first Watchguard I've ever worked with, and I'm trying to figure out the difference between XTM throughput and Firewall throughput.
What's the difference?
My second question…
I've never been able to get higher than ~45-50mbps running speed tests from inside the network / behind the Watchguard firewall. I even tried a test without anything else plugged into the firewall, and still couldn't get above 50mbps. If I had to guess, therefore, XTM throughput would be how much bandwidth to the internet (outside world) that this Watchguard can handle, and the Firewall throughput would be how much bandwidth it can handle internally on its gigabit ports between different segments of the network. Is this correct?
The reason I'm on this wild goose chase is two-fold:
- People have been complaining of slow internet
- We haven't been able to get even close to the speeds that we're supposed to be getting with our current internet connection.
Am I crazy for going ahead and assuming that this Watchguard is the bottleneck in our network? A few things that I've noticed is that Memory Utilization seems to be maxed out (especially when employees are present, and according to graphs I see, it isn't quite as high when they aren't here / during weekends). However, I've read on several websites that its common for the Watchguard to report all of the memory is utilized.
CPU usage has always been fine on the box, as well as average load.
If my haunch is correct, I'm thinking about getting rid of the Watchguard all together, and setting up a new box running pfSense on a SSD.
Best Answer
XTM throughput is the throughput when XTM/UTM services, such as WebBlocker, SpamBlocker, IPS, etc. are active. Firewall throughput is the throughput when those services are not active. I would suspect that the throughput you're seeing is a result of XTM/UTM services being active.