Dear Community,
We have a SRX240 A-P cluster in place.
The Untrust Zone is based on reth15 which is on ge-0/0/15 and ge-5/0/15. On these ports the ISP Link is connected through a Brocade Switch. The speed settings are on both sides 1g full-duplex for these ports.
When i do a internet speedtest on a physical machine with a 1Gbps NIC behind the SRX e.g. in Trust Zone, it shows me everythime only an amount of max. 50 Mbps Up and Download Speed.
In fact we have a 1Gbps Download and also more than 50Mbps Upload Speed.
When i have a look into the untrust reth interface while measuring it also reflexes the 50 Mbps (throughput)
root@mysrx240> show interfaces reth15.0
Logical interface reth15.0 (Index 80) (SNMP ifIndex 565)
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Statistics Packets pps Bytes bps
Bundle:
Input : 43649400 4484 21541080613 48689304
Output: 45514690 2374 24440264763 2118176
Security: Zone: untrust
Allowed host-inbound traffic : https ike ping ssh
Protocol inet, MTU: 1500
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
Where could we have our bottleneck on the SRX?
I mean the throughput should definitely be higher, shouldn't it?
The cpu of the SRX is fine... somewhere 60% idle....
Could it be an issue because we are using source and destination NAT?
We dont have that much security policies (about 50) so i dont think its because of too much policies...
Everything else is working perfect, just the internet speed behind the SRX is always stopping at around 50Mbps.
I'm thankful for any hint or ideas...