steve-o
Tuning in
2 days ago

Hub 4 TLS handshakes - ~5s delay

Hub 4, firmware 01.04.092.07.16.EURO.PC20, in router mode.  TLS handshakes are stalling for ~5s when the firewall is enabled - problem clears when firewall disabled.  Have pinhole reset the hub multiple times.  SamKnows RealSpeed is reporting expected speeds, and the power levels / error counters look fine in the hub stats.  

Is there a newer firmware available for this hub that fixes the issue, or should I be requesting a new Hub 5?  I'm on Gig1 HFC if that matters.

5 Replies

  • Yes, the config was double NATted.  Not my preference, but I'd left the hub in routed mode for a few reasons:

    1. The RealSpeed test is occasionally useful; doesn't work in modem mode
    2. The DHCP server on the Hub is extremely flaky in modem mode. It might also be in routed mode, but I'd just hard-coded the IP anyway
    3. I hadn't spent the time to fine-tune my OPNsense configuration and be confident in it yet

    More testing today - turning the firewall off on the hub doesn't always prevent the TLS establishment delay.  So, I bit the bullet, fixed (3) today and put the Hub into modem mode.  Time will tell how stable the DHCP is.  Thanks for the advice both.

  • legacy1
    Alessandro Volta

    This is likely VM deep packet inspection for getting the SNI from the client hello. The problem likely does not happen in modem mode.

    • steve-o
      Tuning in

      Thanks. Agree that's a potential cause. Whilst I have another firewall (OPNsense) behind the hub, I'd rather not expose that directly to the Internet, so prefer keeping routed mode on the hub.

      I'd prefer the supplied equipment worked as expected.  Do you know if a newer firmware or a Hub 5 would resolve?  Curious to know why the hub would be inspecting traffic anyway.

      • legacy1
        Alessandro Volta

        The firewall setting in the hub does nothing really, due to the hub doing NAT. In router mode, outbound is mapped inbound to be allowed; any inbound that does not match, or that you do not have port forwarding or DMZ for, is dropped. The firewall setting is not responsible for that.

        The firewall option in a home router does nothing, unlike real firewalls.