WAN throughput
The UG-101 is built around a Cavium Octeon III network processor. Internal routing and VLAN firewalling run at 3–4 Gbit/s — well above any current WAN link.
With all of the sophisticated firewall features enabled — both Country Blocking and Domain Filtering — except Threat Analysis (IDS/IPS), the WAN uplink will comfortably exceed 900 Mbit/s. That’s the case where the bottleneck is the ISP and not the gateway.
What changes with IDS/IPS
Threat Analysis inspects every byte of every packet, including full TCP reassembly. Even on the Cavium that’s heavy work. With IDS/IPS enabled, per-stream throughput tops out around 220 Mbit/s.
If you need to validate the total network throughput with IDS on, see Slow Internet — Speed Capped at 150 Mbps with IPS/IDS — running multiple concurrent test streams from multiple workstations gives a representative number.
Site-to-site VPN
S2S VPN throughput is dominated by path latency between the two sites and the VPN hub in the cloud:
- Good case — same-carrier or nearby sites: 50–70 Mbit/s is typical, occasionally up to ~90 Mbit/s when both sites share a carrier subnet.
- Bad case — high-latency or wireless paths (an AT&T LTE link at one end, for example): a few Mbit/s.
In practice, S2S VPN speed isn’t usually the limit. The traffic egresses the sending side’s WAN uplink, and most SMB ISP uplinks sit in the 20–60 Mbit/s range — well within what the VPN itself can sustain. The VPN doesn’t normally become the bottleneck until the uplink does first.