Is this speed considered good?

[Cole lyons]

Hello, I have Gigabit Fiber (1000mbps) From ATT. I use their ONT, and they force me to use their Arris/Pace Gateway. I put the gateway in DMZ+ mode. 

 

The Gateway has a single Cat6 going to a Gigabit Switch. The switch then goes to a nighthawk X6S which is in AP mode. 

 

We use the X6S for the entire home (3100sqft, we have not experienced any issues). The test device we are using is a Late 2013 MacBook pro. It a 1.3gigabit connection to the router via wifi and gets 800-900mbps.

My iPhone X gets between 300-450mbps, ping is 3. 

 

Direct from the switch my PC gets 920-985mbps, ping is between 0-3. Haven't tested the 4 other wired connections but I assume they are the same. 

 

My three questions:

 

1. Are Those speeds good considering my setup? 

 

2. I am using a D-Link DGS 108 switch, is that could or should I buy a better one?

 

3. What else should I do to improve my network or do I even need to at all?

 

 

[Lurick]

Yes, with overhead you're basically near the max of the line at 985Mbps and they say you'll average around 940Mbps so I would say you're doing well. I don't see much you need to do that would offer any improvement and I would say you're good to go for the most part

[Dekenizer]

..... I have issues with going DMZ. Yes you have good speed, but you are not firewalled... Yes, firewall slows up connnections.  But if you get breached, you'll be worst than slowed...

[Lurick]

2 minutes ago, Dekenizer said:

..... I have issues with going DMZ. Yes you have good speed, but you are not firewalled... Yes, firewall slows up connnections.  But if you get breached, you'll be worst than slowed...

It's not a real DMZ, it's AT&Ts name for passthrough mode that you enable to bypass their stuff indirectly and pass the public IP to your equipment so you don't have to really deal with their junk. Also, a good firewall will not slow down any connections.

[Cole lyons]

1 minute ago, Dekenizer said:

..... I have issues with going DMZ. Yes you have good speed, but you are not firewalled... Yes, firewall slows up connnections.  But if you get breached, you'll be worst than slowed...

My Gateway is only in DMZ+ mode for the router. All other devices are using the default settings. Should I switch it back to Default for the router?

[Cole lyons]

1 minute ago, Lurick said:

AT&Ts name for passthrough mode

Yeah, I spent a while looking for how to bypass ATT's junk interface so I could enable the normal bridge mode, But on att's Website they told me to enable DMZ+ for the selected router. I was actually thinking of buying a firewall but want sure if it was needed. 

Will be using a network-wide VPN soon. 

[Lurick]

Just now, Cole lyons said:

My Gateway is only in DMZ+ mode for the router. All other devices are using the default settings. Should I switch it back to Default for the router?

If your router has a built in firewall then you're fine. If you go back to default mode on their equipment then you'll need to disable other stuff on your router if you want to avoid double NAT

[Cole lyons]

I'm pretty sure that the router has a firewall. X6 does. 

[Lurick]

2 minutes ago, Cole lyons said:

I'm pretty sure that the router has a firewall. X6 does. 

I might have mis-read your original post. The Arris is in DMZ+ mode but connects to a switch and then to a router in AP mode. I originally thought it was Arris (in passthrough) to a better router, and then switch and AP but reading it again I see that's not the case. If the original statement is the case then you will definitely want a good router with a firewall in between the Arris and the switch, otherwise, you should be good if you already have it like that with a dedicated router in between the Arris and switch

[Cole lyons]

3 minutes ago, Lurick said:

you'll need to disable other stuff on your router if you want to avoid double NAT

That was my original reason for enabling DMZ+ mode. 

 

I also turned of QoS which seemed to slow stuff down (on the router) The switch has built-in QoS do you think that will be a problem?

[Cole lyons]

1 minute ago, Lurick said:

is the case then you will definitely want a good router with a firewall in between the Arris and the switch, otherwise, you should be good if you already have it like that.

arris goes directly to switch. Do I actually have to buy another router..? for no reason? 

[Lurick]

Just now, Cole lyons said:

That was my original reason for enabling DMZ+ mode. 

 

I also turned of QoS which seemed to slow stuff down (on the router) The switch has built-in QoS do you think that will be a problem?

I haven't seen a need to enable QoS on my network with AT&Ts gigabit but if done properly it shouldn't impact anything in a negative manner in terms of overall throughput if you have devices not being classified to get less bandwidth.

[Lurick]

1 minute ago, Cole lyons said:

arris goes directly to switch. Do I actually have to buy another router..? for no reason? 

I would get something that acts as a hardware firewall, yes. The Arris does a HORRIBLE job at being a firewall

I told it to block specific packets and 80% of them still hit my firewall regardless =/

[Cole lyons]

Just now, Lurick said:

I would get something that acts as a hardware firewall, yes. The Arris does a HORRIBLE job at being a firewall

I told it to block specific packets and 80% of them still hit my firewall regardless =/

I would rather just buy an enterprise/Prosumer firewall. Can you or someone recommend one? 

[Lurick]

2 minutes ago, Cole lyons said:

I would rather just buy an enterprise/Prosumer firewall. Can you or someone recommend one? 

pfSense if you want to build one or Ubiquiti EdgeRouter-X or something along those lines would be solid.

[Cole lyons]

so we need this? https://www.amazon.com/Ubiquiti-EdgeRouter-Advanced-Gigabit-Ethernet/dp/B00YFJT29C/ref=sr_1_1?ie=UTF8&qid=1548268839&sr=8-1&keywords=edgerouter+x

[Dekenizer]

The way we do with the ISP here, you setup their router/modem as PASSTHRU.  Then the port 1 on the ISP router is connectect to the WAN port of your router.  Then your switch to a lan port of the router. (The firewall is between the WAN and the LAN of your router)  If you connect the ISP router/modem to a LAN port of your router and your switch to a lan port of the router, you are not firewalled... 

[Lurick]

1 minute ago, Cole lyons said:

so we need this? https://www.amazon.com/Ubiquiti-EdgeRouter-Advanced-Gigabit-Ethernet/dp/B00YFJT29C/ref=sr_1_1?ie=UTF8&qid=1548268839&sr=8-1&keywords=edgerouter+x

That looks like the one, yes.

[Dekenizer]

No, you can use the nighthawk X6S as router, Just don't just set is as AP mode, but as router. 

[Cole lyons]

16 minutes ago, Dekenizer said:

No, you can use the nighthawk X6S as router, Just don't just set is as AP mode, but as router. 

I cannot. Only have one cable running to it in the closet in the center of the house. Will Edge router X work? 

[Dekenizer]

Never used a Ubiquity router, so I don't know about it's firmware and lesser about it's firewall... 

 

But why don't you run another cable to that router?

[Cole lyons]

To hard. All the way at the other end of the house, Ran through the ceiling would have to cut holes every so many feet. The house is almost fully pre-run so I don't really feel the need. Money isn't the problem so I'm fine with just buying a firewall.