Upgraded entire network, LAN is super fast but WAN takes a while to load?

BAD311

I upgraded all wire, computers, server, switches and router to gigabit speeds (it was a big project) and all machines are blazing fast on the LAN and easily reach 100-120Mb/s speeds on the network. However, now the WAN, when opening IE, Chrome or Firefox, takes a while to load a website (any website), whereas before it only took a second; now it can take 10-20 seconds to resolve. I can't figure it out. I've performed speed tests, optimized my Sonicwall TZ205 and can't hunt down the issue. All browsers on all machines are slow to load up. We're all part of a domain now (Win Server 2013 Essentials).

Cat6+Cat5e cable was installed vs. PoE 10/100 adapters (not easy to install all this cable, it was a one-time thing so I made sure to plan for the future)
Netgear gigabit smart switch (16port)
Netgear gigabit smart switch (24port)
12 10/100 VoIP phones
12 Gigabit Lenovo desktops (Win 7 Pro)
VoIP Server
Win 2012 Server
Sonicwall TZ205W

Very simple network on the fastest Comcast internet possible (100Mb capable speeds)

Before we upgraded, again, pages would load up quickly, now they are veerrry slow to resolve/load. It'll sit on a blank page for 10+ seconds or so before loading up.

All machines are running Security Essentials. I've disabled firewall on several machines to test and no change. I also disabled firewall on the server (no change) and optimized Sonicwall for performance.
 

Elixer

How is DNS being handled?
Do you have any content filtering going on with the Sonicwall?
 

BAD311

No, no content filtering. I haven't even migrated the licenses over from the old Sonicwall TZ100W (that'll likely make it even slower once that's all up and running).

DNS is being handled through the Sonicwall, not the server. All machines are static IP.
 

RadiclDreamer

Try changing to a public DNS server to see if that resolves it. If it does, then whatever DNS servers your Sonicwall is using are either slow, or one is non-responsive, causing it to time out and then go to a working secondary.

Try 8.8.8.8
4.2.2.2
8.8.4.4
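
A way to run the resolver comparison suggested in the post above, as an added example that is not part of the original thread: it sends the same A-record query to each resolver several times and labels each one as ok, slow, intermittent or unresponsive. The address 192.0.2.1 is a placeholder for the resolver the clients currently use, and the 0.5 s "slow" threshold and the query name are assumptions.

```python
import socket
import struct
import time

def build_query(name, qid=0x1234):
    """Minimal DNS A-record query (RFC 1035), recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def probe(server, name="example.com", timeout=2.0):
    """Round-trip seconds for one UDP query, or None if no answer arrived."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(query, (server, 53))
            while True:
                data, _ = s.recvfrom(512)
                if data[:2] == query[:2]:      # transaction ID matches
                    return time.monotonic() - start
        except OSError:                         # timeout or ICMP unreachable
            return None

def diagnose(samples, slow=0.5):
    """Map each resolver to a verdict from its list of RTTs (None = timeout)."""
    verdicts = {}
    for server, rtts in samples.items():
        answered = sorted(r for r in rtts if r is not None)
        if not answered:
            verdicts[server] = "no response"
        elif len(answered) < len(rtts):
            verdicts[server] = "intermittent"
        elif answered[len(answered) // 2] > slow:
            verdicts[server] = "slow"
        else:
            verdicts[server] = "ok"
    return verdicts

if __name__ == "__main__":
    # 192.0.2.1 is a placeholder: substitute the resolver the clients use now.
    resolvers = ["192.0.2.1", "8.8.8.8", "4.2.2.2", "8.8.4.4"]
    samples = {r: [probe(r) for _ in range(5)] for r in resolvers}
    for server, verdict in diagnose(samples).items():
        print(f"{server:<12} {verdict}")
```

A resolver that shows "no response" or "intermittent" while it is listed first on the clients matches the timeout-then-secondary delay described in the post.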
 

Mushkins

Dollars to donuts it's the Sonicwall. Are you running the SSO agent? Every time that craps out on me I get exactly what you're describing because of the way it handles failed authentications (blocks new connections from that IP for x seconds, then works fine until the next auth attempt). You can ping out and get great results, while simultaneously staring at little spinning loading circles for 10-15 seconds on every webpage you open.

I've also had this when some huckster neglected to renew the security license subscriptions and all the security features stopped working but were still enabled.

Something's not configured right and it's doing bad things to your outgoings. I'd turn on debug level logging and sift through the logs for a better idea.
 

avos

Put your Sonicwall in Performance Optimized if it isn't, just to test. It is under Security Services -> Summary.

I'm not sure the TZ205 is rated for 100mbit/s. And in my use of Sonicwalls, if you try to go faster than what they are rated for with any security setting turned on, they just choke on themselves. I've pretty much stopped using any of the TZ series. It seemed like every time Charter would upgrade any of my clients' internet speeds they would call saying they were going slower than before and I'd have to limit the speed with BWM.
 

spidey07

Sounds like a duplex mismatch. Check every connection in the WAN path for the speed/duplex settings. You normally would use auto/auto and it would autonegotiate to 100 or 1000 full depending on the capabilities of the equipment.

The settings on both sides of any link must match. Either both sides auto/auto, or both sides forced speed and duplex settings. If one end of the link is autonegotiate and the other is force 100/full, then the auto side will fall back to 100/half. That's a duplex mismatch and performance is terrible.

Some of the old equipment likely had force 100/full on some ports and when you changed it you're now at auto, producing a duplex mismatch. You can also look at the switch ports for CRCs and late collisions which are a clear sign of duplex mismatch. A proper full-duplex connection will never have any errors.
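
The matching rule and the counter check from the post above, as an added example that is not part of the original thread: it works out the mode each end of a link actually runs at and reports duplex mismatches together with any CRC or late-collision counts. The port names, settings and counter values are constructed for illustration, and the model covers forced 10/100 peers, which is the case the post describes.

```python
from typing import NamedTuple, Optional, Tuple

class Port(NamedTuple):
    name: str
    max_speed: int                        # fastest speed the port supports (Mb/s)
    forced: Optional[Tuple[int, str]]     # None = auto/auto, else (speed, duplex)
    crc_errors: int = 0
    late_collisions: int = 0

def operating_mode(port, peer):
    """Speed/duplex the port ends up running, given the peer's configuration."""
    if port.forced:
        return port.forced
    if peer.forced is None:               # both ends negotiate: best common mode
        return (min(port.max_speed, peer.max_speed), "full")
    # Peer is forced (10/100 case from the post), so it sends no negotiation
    # signal: the auto side senses the speed but falls back to half duplex.
    return (peer.forced[0], "half")

def check_link(a, b):
    """Return a list of findings for one link; empty means it looks healthy."""
    findings = []
    mode_a, mode_b = operating_mode(a, b), operating_mode(b, a)
    if mode_a[0] != mode_b[0]:
        findings.append(f"speed mismatch: {a.name} {mode_a[0]} vs {b.name} {mode_b[0]}")
    elif mode_a[1] != mode_b[1]:
        findings.append(f"duplex mismatch: {a.name} {mode_a[0]}/{mode_a[1]} "
                        f"vs {b.name} {mode_b[0]}/{mode_b[1]}")
    for p in (a, b):
        if p.crc_errors or p.late_collisions:
            findings.append(f"{p.name}: {p.crc_errors} CRC errors, "
                            f"{p.late_collisions} late collisions")
    return findings

# Constructed WAN path: port names, settings and counters are illustrative only.
WAN_PATH = [
    (Port("modem-eth", 1000, None, late_collisions=412),
     Port("fw-wan", 1000, (100, "full"), crc_errors=1893)),
    (Port("fw-lan", 1000, None), Port("sw1-p1", 1000, None)),
]

if __name__ == "__main__":
    for a, b in WAN_PATH:
        print(f"{a.name} <-> {b.name}:", check_link(a, b) or "ok")
```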
 

Ertaz

This.
 

stlcardinals

The DNS server on your domain controller should be handling all DNS requests. All clients should have their DNS pointed to it.