NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
bluemercury
Nov 13, 2015Aspirant
SRX5308 ProSafe Firewall - downstream running at slow speed, when Virgin Router in 'modem mode'
I'm aware that the issued listed for the current firmware (4.3.3-6) on our SRX5308 may be affecting us: * Traffic is not following WAN upload or down load(higher one of them )speeds if the upload...
- Nov 26, 2015
Hi DaneA.
Thanks again for your post.
Here is what I ultimately established (after doing all resets, etc, as promised).
I had been using the very commonly utilised speed test at www.speedtest.net in order to assess our broadband speeds. As you know, our Virgin line was connected up to our WAN2 port.
On visiting www.speedtest.net, it confirms you IP address and the ISP your connected with. This was coming up as the correct dynamic IP for our Virgin Line, and confirming that the broadband ISP was 'Virgin Media'.
On running the tests, typically on the SRX5308 I would get downstream speeds of no more than 17 Mbps, and upstream speeds of up to 12 Mbps. This indicated a great problem with our downstream bandwidth that should have been running at 125 Mbps. I have the ProSafe Firewall configured to forward all http (port 80) and https (443) to WAN2, no exceptions - so this should have been good enough.
What I discovered is that speedtest.net do not utilise port 80 or 443, but 8080 for at least their downstream tests. As there was no strict rule on the SRX5308 for this, the net result was the firewall actually forwarding the test traffic over our slower BT ADSL connection on WAN1, which tops out at about 17 Mbps. 99% of the time, it correctly sent the upstream test through WAN2 (giving us the 12 Mbps speed), but on very rare occasions it failed at this too, giving about 0.75 Mbps (this only happened very recently). For whatever reason, the load balancing on the SRX5308 must be slightly different to the FVX538, the latter largely sending the port 8080 traffic down WAN2, hence largely seeing correct readouts on this. Other tests I did had the Virgin line linked up as a single WAN option, so it always behaved, as it had nowhere else to send the traffic!
The red herrings along the way were:
1) When first noticing the test results, by coincidence the line was either running genuinely at a lower speed (perhaps some temp issues at Virgin) or the web server I was downloading files from was running at these lower speeds.2) The issue listed in the SRX5308 change log file, which has turned out to not be relevant.
3) The FVX538 generally performing the test correctly, despite being configured identically to the SRX5308 (load balancing must just be tweaked differently internally).
4) speedtest.net not warning of the fact the actually Adobe Flash based test (you hit the 'begin test' button, and it does it's magic) doesn't inform you that the test is running on a different IP address to the one that the front end displays, i.e. it should have assessed the difference between the Virgin IP displayed, and the BT one it was actually testing (that would really make sense for them to implement).
5) Probably other things which I forget in the process!
Incidentally, the SRX5308 did not take well to applying the old firmware - had a lot of problems rebooting and getting it accessible successfully, and had to do many resets. I did manage it in the end, and upgraded it back to the most recent firmware as soon as it was playing ball. Might be advisable to tell people to be cautious when flashing an old version of the firmware, even if it was ultimately salvagable.
The speed test at www.thinkbroadband.com appears to use the conventional http ports, giving accurate speed test results everytime.
So basically, this is problem solved! I'm going to post my own answer as the answer, as it was something quite outside of anything being discussed on here - but I truly do appreciate your input and Bob's input in trying to help me solve this conundrum. Thank you both very much, and sorry to have wasted any of your time at all! :-)
Many thanks,
Bobby
bluemercury
Nov 23, 2015Aspirant
Hi DaneA,
Apologies - the Netgear forum doesn't appear to be informing me when people post replies. Is there a way I can switch that setting on?
Thanks for the welcome :-)
In response to your questions, yes I believe (in the last few months) I have tried both of these. Certainly I've set the firewall up from scratch multiple times; I'm not 100% sure on trying the other WAN port, but I THINK I tried it in WAN3 instead of WAN2 (where it normally resides) some time back.
For completeness, I will attempt to repeat this excercise again tomorrow, outside of working hours.
I have also wondered whether it is worth downgrading the firmware to a time when this wasn't a problem - will the device allow me to do this? (I thinking of jumping back as far as a version 3 firmware, like that which is on the old FVX538 that is running for us at present).
Also, the issue I quoted from the current firmware warning - have I misunderstood what this means? Can you get tech support to qualify the issue further?
Many thanks :-)
DaneA
Nov 23, 2015NETGEAR Employee Retired
Hi bluemercury,
bluemercury wrote:
Apologies - the Netgear forum doesn't appear to be informing me when people post replies. Is there a way I can switch that setting on?
You may do these steps:
a. Click your username then click on My Settings. Refer on the image below:
b. Click on Subscriptions & Notifications. Then, on the Notifications Settings page, kindly set the notifications you want and click Apply. Refer to the image below:
bluemercury wrote:
In response to your questions, yes I believe (in the last few months) I have tried both of these. Certainly I've set the firewall up from scratch multiple times; I'm not 100% sure on trying the other WAN port, but I THINK I tried it in WAN3 instead of WAN2 (where it normally resides) some time back.
For completeness, I will attempt to repeat this excercise again tomorrow, outside of working hours.
This will help isolate the problem. Kindly post your observations and results.
bluemercury wrote:
I have also wondered whether it is worth downgrading the firmware to a time when this wasn't a problem - will the device allow me to do this? (I thinking of jumping back as far as a version 3 firmware, like that which is on the old FVX538 that is running for us at present).
I think you may downgrade the firmware. I recommend that you perform a factory reset after a successful downgrade of the firmware then reconfigure it from scratch.
bluemercury wrote:
Also, the issue I quoted from the current firmware warning - have I misunderstood what this means? Can you get tech support to qualify the issue further?
With regard to this, I encourage you to contact NETGEAR UK Support on this hotline number at anytime: 0843-4538000. Let them know your concerns with your SRX5308. System logs might be requested by NETGEAR Support to be anlyzed and your case might be escalated to the engineering team.
Regards,
DaneA
NETGEAR Community Team
- bluemercuryNov 26, 2015Aspirant
Hi DaneA.
Thanks again for your post.
Here is what I ultimately established (after doing all resets, etc, as promised).
I had been using the very commonly utilised speed test at www.speedtest.net in order to assess our broadband speeds. As you know, our Virgin line was connected up to our WAN2 port.
On visiting www.speedtest.net, it confirms you IP address and the ISP your connected with. This was coming up as the correct dynamic IP for our Virgin Line, and confirming that the broadband ISP was 'Virgin Media'.
On running the tests, typically on the SRX5308 I would get downstream speeds of no more than 17 Mbps, and upstream speeds of up to 12 Mbps. This indicated a great problem with our downstream bandwidth that should have been running at 125 Mbps. I have the ProSafe Firewall configured to forward all http (port 80) and https (443) to WAN2, no exceptions - so this should have been good enough.
What I discovered is that speedtest.net do not utilise port 80 or 443, but 8080 for at least their downstream tests. As there was no strict rule on the SRX5308 for this, the net result was the firewall actually forwarding the test traffic over our slower BT ADSL connection on WAN1, which tops out at about 17 Mbps. 99% of the time, it correctly sent the upstream test through WAN2 (giving us the 12 Mbps speed), but on very rare occasions it failed at this too, giving about 0.75 Mbps (this only happened very recently). For whatever reason, the load balancing on the SRX5308 must be slightly different to the FVX538, the latter largely sending the port 8080 traffic down WAN2, hence largely seeing correct readouts on this. Other tests I did had the Virgin line linked up as a single WAN option, so it always behaved, as it had nowhere else to send the traffic!
The red herrings along the way were:
1) When first noticing the test results, by coincidence the line was either running genuinely at a lower speed (perhaps some temp issues at Virgin) or the web server I was downloading files from was running at these lower speeds.2) The issue listed in the SRX5308 change log file, which has turned out to not be relevant.
3) The FVX538 generally performing the test correctly, despite being configured identically to the SRX5308 (load balancing must just be tweaked differently internally).
4) speedtest.net not warning of the fact the actually Adobe Flash based test (you hit the 'begin test' button, and it does it's magic) doesn't inform you that the test is running on a different IP address to the one that the front end displays, i.e. it should have assessed the difference between the Virgin IP displayed, and the BT one it was actually testing (that would really make sense for them to implement).
5) Probably other things which I forget in the process!
Incidentally, the SRX5308 did not take well to applying the old firmware - had a lot of problems rebooting and getting it accessible successfully, and had to do many resets. I did manage it in the end, and upgraded it back to the most recent firmware as soon as it was playing ball. Might be advisable to tell people to be cautious when flashing an old version of the firmware, even if it was ultimately salvagable.
The speed test at www.thinkbroadband.com appears to use the conventional http ports, giving accurate speed test results everytime.
So basically, this is problem solved! I'm going to post my own answer as the answer, as it was something quite outside of anything being discussed on here - but I truly do appreciate your input and Bob's input in trying to help me solve this conundrum. Thank you both very much, and sorry to have wasted any of your time at all! :-)
Many thanks,
Bobby
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!