Try to be gentle with the old guy here. Here’s the issue I’m having.
I have a Netgate 1100 firewall running pfSense version 24.03
My ISP, Empire Access (aka Empire Fiber) provides symmetrical 500 Mbps up and 500 Mbps down.
I almost always get close to 466 down. My issue is that the upload speeds fluctuate.
Sometimes it is 466 Mbps and other times it falls closer to 60 Mbps or less.
I don’t see any issues in the pfSense logs that show issues during these slower upload periods.
I’ve used Networx to test the network speed for days at a time and see the same results.
3/25/2025 9:38 AM 12 ms 466 Mbit 466 Mbit ★★★★★
3/25/2025 8:06 AM 12 ms 419 Mbit 60 Mbit ★★★★★
3/25/2025 7:43 AM 12 ms 466 Mbit 466 Mbit ★★★★★
3/25/2025 7:20 AM 12 ms 466 Mbit 466 Mbit ★★★★★
3/25/2025 6:57 AM 12 ms 466 Mbit 466 Mbit ★★★★★
3/25/2025 6:34 AM 12 ms 419 Mbit 57 Mbit ★★★★★
3/25/2025 6:11 AM 12 ms 419 Mbit 49 Mbit ★★★★★
3/25/2025 5:48 AM 12 ms 419 Mbit 49 Mbit ★★★★★
3/25/2025 5:25 AM 12 ms 466 Mbit 466 Mbit ★★★★★
I spoke with my ISP and they requested I bypass my equipment and plug a PC directly into their fiber ONT. Those tests didn’t show any issues with upload speeds.
So, I built out a new pfSense CE firewall, removing my production switches, 1 Gbps smart and 1 Gbps dumb switch, and put my PC plugged directly into the LAN port and the WAN cabled directly to the ONT with the same upload speed issues. That makes me think that I may have a pfSense configuration issue causing this. All of my cables at CAT7 and I’ve tried using different cables.
I’m hoping someone with more experience than I have can suggest troubleshooting techniques I can use to help diagnose and address this issue.
Any suggestions for how to address this or things to check are welcome. Feel free to point out anything obvious. My career background was information security not networking so this is a learning opportunity for me.
Thanks for reading.
Bob
If you have the hardware, it might be interesting to install pfSense onto some other equipment, like say virtualize it on a Proxmox host, or even a bare metal install on a PC with two NICs. This way you may be able to determine if it is a hardware issue or a configuration issue.
Thank you all for the feedback. I realize that I wasn’t clear enough about my configuration and what I’ve tried so far. My network consists of an ISP supplied ONT->Netgate 1100 pfSense firewall and the Netgate 1100 firewall has two NICs, one for LAN and one for VLANs, with a standard switch connected to the LAN NIC and a Smart switch with 5 VLANS defined connected to the OPT NIC.
Realizing that I had too many points of failure I’ve tried stripping down the existing configuration and just left the Netgate 1100 pfSense firewall connected to the fiber ONT and then plugged a stripped down test PC into the LAN port.
When with the stripped down configuration also had the inconsistent upload speeds, I removed everything and built out a new pfsense firewall running on a dedicated PC chassis running pfSense CE, AMD Zen 3 CPU and 16 Gb of memory, way more than should be needed for this simple configuration.
This new firewall experienced similar upload speed inconsistencies.
Neither of my systems has any traffic shaping in place. I’m wondering if maybe putting some type of speed limiting rules in place might be useful for testing. Perhaps I’m getting queues because I’m sending data faster than the firewall or ISP can handle it? (just guessing)
Thank you for the feedback. I’ll review this again. I looked at in the past and ended up with mixed results. I try again and see if I can address the inconsistent upload speed issue I’m experiencing.
The Netgate 1100 should be able to handle the speeds your are being supplied, I’m seeing 900+mbps routing and 600+mbps across the firewall which should get you where you need to be.
My only other suggestion would be if you have an extra PC around and a NIC card with one than 1 port, load up PFsense or OPNsense and give that a try, maybe there is a problem with your specific Netgate 1100. You could try a USB NIC to get a second port, but they almost always start to fail when they get hot, so only for testing in my opinion.
I believe that OPNsense can run in live mode directly off the USB installer, but I might be wrong. Might make it easier for testing this
I hadn’t thought of trying OPNsense as a quick test. I’ll give that a try when I have some time. I have a spare PC with multiple NICs for the hardware won’t be an issue. Nice idea to see if it’s a hardware or software configuration issue.
I’m pretty sure it will run live from USB, but it’s not something I tested. If the PC is spare, and you have a spare drive, you can install either OPN or PF for testing.
Going forward, it’s nice to have something like a cheap HP T740 with a quad i350 card around for things like this. If you go this direction, don’t be afraid of BIOS locked versions, there’s a thread on the badcaps forum that will walk you through it, just needs a cheap CH341 with the voltage select switch and Neoprogrammer. Some people us RPi to do this task too.
