Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Master Untangler
    Join Date
    Jul 2011
    Posts
    150

    Default Overloaded hardware or other issue?

    Hey all,

    Iím trying to track down an issue with my UT box, and Iím wondering if the problem is the box itself is just getting overloaded.

    Several times since the start of the school year Iíve had days where 200 Ė 250 users are doing research or web-based testing and weíve had terrible connection speed. On the UT console itíll show somewhere in the neighborhood of 3000-3500 sessions and CPU the CPU load will show high. (Right now with 500ish sessions and around 150 users itís showing Medium)

    When the connection is terribly slow the Web Filter, Spyware blocker and Application Blockers are showing Scan/Block/Pass all pegged to MAX.

    Iíve tested by setting myself to completely bypass everything, or have plugged in upstream of the UT box and have a fine connection speed.

    Our connections are a 7mbps DSL line and a 10mpbs Cable line, which seemed to be sufficient last year.

    From looking at the UT hardware requirements, what we have looks OK, but I know that real-world can differ from paper.

    Below are the specs of the sever and the apps we run.

    Hardware in the server is:
    2x Intel Xeon 3050 2.13ghz
    4 GB Ram
    2 onboard NIC
    2 PCI NIC

    Running apps are:
    Web Filter
    Virus Blocker
    Spyware Blocker
    Spam Blocker
    Phish Blocker
    Web Cache
    Bandwidth Control
    Application Control
    Application Control Lite
    Firewall
    Intrusion Prevention
    Ad Blocker
    WAN Failover
    WAN Balancer



    Open VPN

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    I would call support and tell them what you are experiencing and we can take a look.

    Also, it sounds like you are running 9.2
    I would upgrade to 9.3
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler
    Join Date
    Jul 2011
    Posts
    150

    Default

    Thanks, I'll do that.

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Also, what is your data retention setting in reports->settings?
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Master Untangler TirsoJRP's Avatar
    Join Date
    Oct 2010
    Posts
    421

    Default

    Which brand/model are those "2 PCI NIC"?

  6. #6
    Master Untangler
    Join Date
    Jul 2011
    Posts
    150

    Default

    Hmm. Missed the replies to this thread, nothing like being a month late.


    Report retention is 7 days.


    The NICs the onboard NICs on a serverclass ASUS motherboard, offhand I don't know what, but I'm guessing Marvell or RealTek. I'll have to look.


    The problem comes and goes. For a couple weeks we had no issues, but we're having the same trouble again.

  7. #7
    Untangler
    Join Date
    Jul 2010
    Location
    IN
    Posts
    59

    Default

    i would say it is realtek they cuase all kinds of problems. like you are talking about.. us intel pro 1000 gt or pt adapters..disable the realtek cards in bios on the box..

  8. #8
    Newbie
    Join Date
    Jan 2012
    Posts
    1

    Default

    Having a similar problem. 5 WAN (30/30/30/5/5Mbps), 200 users, high CPU utilization, slow surf speeds. v9.3.2

  9. #9
    Newbie
    Join Date
    Jun 2011
    Posts
    7

    Default

    We encountered similar issue too, due to bittorrent.

    1 single joker can bring down the whole firewall. An aggressive bittorent client can easily spawn 4000-6000 sessions and in no time, your CPU shoots up and the firewall just hang and become unresponsive.

    What we did (without paying any single cent for bandwidth control), was to use application control log to identify the IP address that's running Bittorrent, and mark the IP with the MAC address, and block them fully from the firewall rule. The joker will surrender himself when he has no internet connection and you can easily identify him, unless he doesn't come to you and fine with being blocked from accessing the internet.

    I need a more effective way, without costing additional $$$..... any suggestion?

  10. #10
    Untangle Ninja hescominsoon's Avatar
    Join Date
    Sep 2007
    Posts
    1,707

    Default

    Quote Originally Posted by Tingshen View Post
    We encountered similar issue too, due to bittorrent.

    1 single joker can bring down the whole firewall. An aggressive bittorent client can easily spawn 4000-6000 sessions and in no time, your CPU shoots up and the firewall just hang and become unresponsive.

    What we did (without paying any single cent for bandwidth control), was to use application control log to identify the IP address that's running Bittorrent, and mark the IP with the MAC address, and block them fully from the firewall rule. The joker will surrender himself when he has no internet connection and you can easily identify him, unless he doesn't come to you and fine with being blocked from accessing the internet.

    I need a more effective way, without costing additional $$$..... any suggestion?
    Attack blocker can be a pain but it will save you from the bittorrent DOS. turn it on and let it roll. Everyone is going to tank at first..it'll take some work to tweak the exceptions..always start off using the 5 user setting..AFTER you make sure the machines that are getting nailed aren't infected..using some kind of high connection software..etc etc...

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2