Watchguard XTM22 issues & throughput speed

The patient is a Watchguard (WG) XTM 22; it is the middle of the bottom tier of firewalls offered. Some speed issues where being noticed on a Comcast High Speed connection with their "Boost" package.

The first part of trouble shooting was to find out what the connection is capable of; by directly connecting a PC to the Motorola Docis 3 modem.

After a bunch of pointless trouble shooting steps the modem was moved from Eth0 to Eth2. What is interesting about this is that on this family of WGs Eth0 & Eth1 are 100mbps connections while the rest are 1gbps. The cable modem also has a 1gbps connection, but since ones internet speed is no where near 100mb it should not matter.

Great improvements! However WG could not provide an answer why this helped, nor why we are only getting less than half of the speed available. More trouble shooting! First all of the fancy proxy features were turned off, no IPS, no AntiVirus, no WebBlocker, just straight up filtered rules any out going rule.

The issues appears to be in the proxy engine of the firewall. Next a test with a filtered HTTP/HTTPs rule. A different test PC was used, so their might be a slight scew.

WG offers an AntiVirus scanning, called Gateway AntiVirus (GAV). It was turned off for this test.

Not much of a difference w/ GAV turned off. This time IPS was turned off.
IPS appears to be the biggest culprit.  It should be noted that this is a SOHO firewall, it is meant for roughly 5 computers.  Turn on all of the security features such as WebBlocker, GAV, IPS, ect. really takes a toll on the little ATOM cpu contained in this box. 

One thing that WG has done in thier newer version is to have a "reputation defense" feature.  WG maintains a hosted database of sites they consider both safe and harmfull.  If this feature is turned on, everytime a computer goes to the website, a lookup is done.  If the requested site is on the "safe" list, it bypasses all of the security features.  Likewise if the site is considered "harmfull" the site is blocked, and no further scanning by the WG appliance is done.  This frees up many cpu cycles on the WG firewall.