Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Why is KWF 6.0.1 so slow compared to ISA 2004?
  •  
Tahattmeruh

Messages: 10
Karma: 0
Send a private message to this user
I have a GBit NIC in my server for my internal network. Without Kerio installed, I get over 25 MB/s. With Kerio installed and service disabled, I get 7 MB/s. With Kerio enabled, the throughput drops to 600 KB/s to 3 MB/s.
After removing KWF and installing ISA 2004, I have a constant high throughput. And my pings got better.
Why is KWF so slow?

Tahattmeruh
  •  
andyjau

Messages: 1
Karma: 0
Send a private message to this user
kwf 6.0.1 is really slow than isa 2004. if you can read chinese,press this link:

http://www.isaservercn.org/info/info.php?sessid=&infoid= 45
  •  
RedDelPaPa

Messages: 11
Karma: 0
Send a private message to this user
I have the exact same problem. Kerio is dog azz slow with just the software installed. It doesn't even have to be running. It kills my LAN performance from 40+MB/sec, to about 3MB/sec. That is crap! If that's just how KWF is, then KWF stinks, and I sure as heck won't use it. For the first time, I prefer a microsoft product over a 3rd party product. Smile

I see no one in here cares to reply to this issue. Maybe kerio doesn't care about it. Maybe others haven't noticed it. However, it's right in your face. How could you not notice it?

I have a copy of ISA 2004. Do you know how to set it up? If so, I could use your help getting it working. ISA is proof that you can have a working firewall and still maintain a fast, efficient local area network.

Nate
  •  
RedDelPaPa

Messages: 11
Karma: 0
Send a private message to this user
Well kerio?

bump,
  •  
opaque

Messages: 53
Karma: 0
Send a private message to this user
Neutral I thought I was alone. If this is really a 'feature' please give us a checkbox to turn it off!

P C N X .com - your pc annex :: computing news at your fingertips
  •  
coco

Messages: 38
Karma: 0
Send a private message to this user
This is a well-known issue with KWF. Kerio are aware of the issue (*many* people have made them aware), but it seems they have no intention of fixing it.

See this thread for other comments:

http://forums.kerio.com/index.php?t=msg&th=3678&star t=0&S=fa5dbda45ef56f48b90ceb73fef2cf8e

Beware the self-professed 'experts' who seem happy to defend Kerio's position. Then refer them to every other firewall manufacturer for a good laugh at their expense.
  •  
Splattered

Messages: 15
Karma: 0
Send a private message to this user
coco wrote on Sun, 22 May 2005 23:36

This is a well-known issue with KWF. Kerio are aware of the issue (*many* people have made them aware), but it seems they have no intention of fixing it.

See this thread for other comments:

http://forums.kerio.com/index.php?t=msg&th=3678&star t=0&S=fa5dbda45ef56f48b90ceb73fef2cf8e

Beware the self-professed 'experts' who seem happy to defend Kerio's position. Then refer them to every other firewall manufacturer for a good laugh at their expense.


Considering I have worked for the likes of IBM for many years and now I am about to join Vodafone in quite a large project spanning across the globe I won't say I am an expert, but I can certainly say I am professional and knowledgeable in my field. So boohoo to CoCo Systems and their lamer Steve Moss Laughing

Perhaps you should look at what KWF slows down (answer is in the debug log!) and then ask yourself why would you want to do that? Keep in mind that KWF is written to enforce this, it is not a software bug! And compare all you like to other products, we are talking about KWF... if you don't like it stop whining about it and use the other product!

Because I know the answer I will say this, the idea is good... the fact that Kerio have not given the user the option to enable/disable/adjust it is not a good idea.
  •  
coco

Messages: 38
Karma: 0
Send a private message to this user
Quote:

Considering I have worked for the likes of IBM for many years and now I am about to join Vodafone in quite a large project spanning across the globe I won't say I am an expert, but I can certainly say I am professional and knowledgeable in my field. So boohoo to CoCo Systems and their lamer Steve Moss Laughing

Well, Mr. Jones, it seems you still don't get the point at all. However many protestations you make, it is absolutely clear that you are demonstrably *not* up to the abilities you profess to have. Try removing the blinkers you wear and then look closer to home for a 'lamer' . Laughing

Regards,
Steve Moss,
CoCo Systems Ltd.
  •  
Splattered

Messages: 15
Karma: 0
Send a private message to this user
coco wrote on Tue, 24 May 2005 10:20

Quote:

Considering I have worked for the likes of IBM for many years and now I am about to join Vodafone in quite a large project spanning across the globe I won't say I am an expert, but I can certainly say I am professional and knowledgeable in my field. So boohoo to CoCo Systems and their lamer Steve Moss Laughing

Well, Mr. Jones, it seems you still don't get the point at all. However many protestations you make, it is absolutely clear that you are demonstrably *not* up to the abilities you profess to have. Try removing the blinkers you wear and then look closer to home for a 'lamer' . Laughing


Well why is it I know the answer and you don't? Not one person including yourself who seems to think they understand networks far beyond anyone else has ever put anything in here when the whole time the answer lies in the debug log. Thus far I have been the only person to acknowledge it that I know of. It took me very little time to see why KWF kills TCP performance. Not once have you added anything of why the problem is there... you merely keep at Kerio about it and making comparisons to other products. Perhaps the company is taking a different approach to others? Who knows... that I can't answer for you. I have a use for the so called problem that you don't, so to me that performance decrease that you drama queens keep crapping on about has a use... although you can't see that no matter which way I give it to you. Yes I agree, I should take my blinkers off and stop focusing my time on lamers. Rolling Eyes Give me some useful information for a change and I will no longer have a reason to give you gib Shocked
  •  
coco

Messages: 38
Karma: 0
Send a private message to this user
Splattered wrote on Tue, 24 May 2005 09:41

Well why is it I know the answer and you don't? Not one person including yourself who seems to think they understand networks far beyond anyone else has ever put anything in here when the whole time the answer lies in the debug log. Thus far I have been the only person to acknowledge it that I know of. It took me very little time to see why KWF kills TCP performance. Not once have you added anything of why the problem is there... you merely keep at Kerio about it and making comparisons to other products. Perhaps the company is taking a different approach to others? Who knows... that I can't answer for you. I have a use for the so called problem that you don't, so to me that performance decrease that you drama queens keep crapping on about has a use... although you can't see that no matter which way I give it to you. Yes I agree, I should take my blinkers off and stop focusing my time on lamers. Rolling Eyes Give me some useful information for a change and I will no longer have a reason to give you gib Shocked

Mr. Jones ... there really is no point me wasting my time further on the drivel you spout, so this is the last time I will address you here. If you must act like the emotionally immature person you show yourself to be, you're in no position to claim you are professional at the same time. Your behaviour and your claims are at complete odds. So now, it's time for you to bow out gracefully (though I very much doubt your ability to do that) and leave the issue to those that find it unacceptable, and to Kerio themselves.

Regards,
Steve Moss,
CoCo Systems Ltd.
  •  
Splattered

Messages: 15
Karma: 0
Send a private message to this user
coco wrote on Tue, 24 May 2005 10:56

Splattered wrote on Tue, 24 May 2005 09:41

Well why is it I know the answer and you don't? Not one person including yourself who seems to think they understand networks far beyond anyone else has ever put anything in here when the whole time the answer lies in the debug log. Thus far I have been the only person to acknowledge it that I know of. It took me very little time to see why KWF kills TCP performance. Not once have you added anything of why the problem is there... you merely keep at Kerio about it and making comparisons to other products. Perhaps the company is taking a different approach to others? Who knows... that I can't answer for you. I have a use for the so called problem that you don't, so to me that performance decrease that you drama queens keep crapping on about has a use... although you can't see that no matter which way I give it to you. Yes I agree, I should take my blinkers off and stop focusing my time on lamers. Rolling Eyes Give me some useful information for a change and I will no longer have a reason to give you gib Shocked

Mr. Jones ... there really is no point me wasting my time further on the drivel you spout, so this is the last time I will address you here. If you must act like the emotionally immature person you show yourself to be, you're in no position to claim you are professional at the same time. Your behaviour and your claims are at complete odds. So now, it's time for you to bow out gracefully (though I very much doubt your ability to do that) and leave the issue to those that find it unacceptable, and to Kerio themselves.



What was so immature about that i don't know... must be those blinkers you keep referring to. But either way... you still have not answered the question... to which I did in the post you referred to earlier. So if you can better that I'll leave you alone. If you are just going to keep targeting me then really you are no better than I Laughing And I will continue to bug you to the far corners of the forum Very Happy
  •  
Splattered

Messages: 15
Karma: 0
Send a private message to this user
Anyway... now that we seem to be past flaming, this is the answer I posted in the referred thread should anyone be interested in a proper answer rather than dribble. This although not a solution gives you "why" performance is slow.

Quote:

In short, KWF restricts TCP packet size from its maximum allowed size of 65500 down to 8192. Because the server can't send large packets it has to send more small packets which causes slow performance. So no matter what you guys tweak in KWF it isn't going to help you until you either remove KWF from that machine and put it on a dedicated box or Kerio give us the ability to change the max. packet size allowed.


ISA and most other products don't have this restriction, why Kerio chose to do this I don't know, I believe it's to cut down DoS attacks etc. So if you can't live with it, change product!
  •  
Jeraf

Messages: 27
Karma: 0
Send a private message to this user
This is the answer from kerio about network performance problem:

Quote:

The WinRoute machine itself should not be used as a file server. WinRoute does not support Gigabit network cards. I would recommend moving your file server off of the Kerio WinRoute Firewall machine. The WinRoute machine should only be used for the WinRoute software.

Best regards,
Jeff Wadlow


I think kerio just ignore this problem. I will move to ISA, when my subscription expires.
  •  
opaque

Messages: 53
Karma: 0
Send a private message to this user
They should let people know if it doesn't support Gigabit networks beforehand!

Either way, we're on a 100Mbit connection and Kerio can't even do more than 2MB/s.. We used to get 8MB/s at least before.

P C N X .com - your pc annex :: computing news at your fingertips
tekert

Messages: 4
Karma: 0
Send a private message to this user
Quote:

In short, KWF restricts TCP packet size from its maximum allowed size of 65500 down to 8192. Because the server can't send large packets it has to send more small packets which causes slow performance. So no matter what you guys tweak in KWF it isn't going to help you until you either remove KWF from that machine and put it on a dedicated box or Kerio give us the ability to change the max. packet size allowed.


that maybe true, but i use IPX for file for data transfer between KFW and other machines, and i get a boost of 2mB/s ...
the problem is more than just a TCP buffer size.. Winroute.. even 6.1.1 had always been a problem with many connections, causing TCP timeouts, example when i have 300-400 active TCP conections i can't open web pages or initiate more connections.. even if i close all the 300-400 active connections i cant initiate net coneccions, or send UDP packets, everything IS SO SLOW. IS like the NAT table has a serious permormance degradation. multimedia aplications from clients are a nightmare too (so slow..).
i thought it was hardware quality or internet connections, but after usign other products (ISA for example) is another world in performance..
sorry my english, its that kerio is a good product, but is suffers from permormance degradation in everything!
Previous Topic: Auto Resonse
Next Topic: Port Forwarding in Gunz Online???
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Nov 21 11:20:40 CET 2017

Total time taken to generate the page: 0.00511 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.