NVfirewall on A8n-SLI Deluxe

  • Thread starter Thread starter J&SB
  • Start date Start date
J

J&SB

I just installed the software to configure the hardware NVfirewall on my
A8N-SLI Deluxe from the motherboard CD from ASUS.

Actually setting it up sensibly appears - at least for me - to be a matter
requiring a lot more study. The default (recommended) configuration disables
the Windows software firewall on the nVidia NIC (though leaving it enabled
on everything else, like the Marvell Yukon and 1394), and sets up the
hardware firewall at the so-called "medium" protection level. That
configuration gave me absolutely no web or email access whatsoever, so I
shut off the hardware firewall, re-enabled the Windows software firewall,
rebooted and got back on-line. On the CD, I also discovered the 149-page
document \Manual\NVIDIA_LAN\NVForceWareNetworkGuide_1stEd.pdf, which I'll
clearly have to read.

If anyone has gotten past this point with the nVidia hardware firewall, i.e.
actually using this thing, please post. I'd like to get this firewall to do
what all of the literature on it seems to rave about.
 
Hi,

J&SB said:
I just installed the software to configure the hardware NVfirewall on my
A8N-SLI Deluxe from the motherboard CD from ASUS.

[...]

If anyone has gotten past this point with the nVidia hardware firewall, i.e.
actually using this thing, please post. I'd like to get this firewall to do
what all of the literature on it seems to rave about.
Click to expand...


I also tried to use NVfirewall with on A8N-SLI Deluxe and XP Pro SP2.
(nForce4 Standalone Kit 6.53 March 17, 2005)

When the Nvidia firewall is installed, the LAN speed decreases to about
300KByte/Second.
This slowdown occurs on both LAN Ports.

Reconfiguring or disabling the NVfirewall does not help.
After uninstalling the firewall component, speed is OK.

NVfirewall (at least 6.53) and "Active amour" are virtually useless.

Christian
 
Strange, but my results are somewhat different. I too loaded nForce4
Standalone Kit 6.53. It is with the nVidia firewall enabled that I am
completely unable to transact on the net via the nVidia NIC. However, when
I disable it (and then restart Windows!), my download speed returns to what
is normal from my cable ISP, i.e. about ~500KBytes/sec. I don't have to
uninstall the software to recover. Also, enabling/disabling the firewall
has no impact on the Marvell Yukon port, which is what I would expect.

You would think that for what is claimed to be a 1Gbps NIC, a hardware
firewall would not present such overhead at the hundred KB/sec level that
you appear to be experiencing. Isn't low overhead supposed to be the
"beauty" of a hardware firewall, afterall? However, it appears that you are
at least getting throughput - albeit diminished - with the firewall enabled,
while I get absolutely nothing. What are your settings, and explicitly how
did you set them? Perhaps I bungled something, and my software was
improperly or incompletely installed.

It appears rather challenging to find anyone who has successfully
implemented this functionality on the A8N-SLI Deluxe under XP Pro (SP2).
 
Strange, but my results are somewhat different. I too loaded nForce4
Standalone Kit 6.53. It is with the nVidia firewall enabled that I am
completely unable to transact on the net via the nVidia NIC.
Click to expand...


My tests were done about a month ago, so I forgot to mention one issue,
sorry:

DHCP did not work if NVfirewall was enabled.
The "Enable DHCP" function of NVFirewall does nothing useful.
Even a manually inserted packet filter rule to enable the DHCP port did
not help.

If your configuration relies on automatically obtained IP addresses, the
result would be as observed.
With Firewall enabled: no IP address due to failed DHCP, no connection.
After disabling Firewall and reboot (or redo DHCP via e.g. "ipconfig
/renew"): DHCP succeeds, connection OK.

However, when
I disable it (and then restart Windows!), my download speed returns to what
is normal from my cable ISP, i.e. about ~500KBytes/sec. I don't have to
uninstall the software to recover. Also, enabling/disabling the firewall
has no impact on the Marvell Yukon port, which is what I would expect.
Click to expand...

The 300KBytes/sec are the average results determined by tests with the
good old netio.exe benchmark.
The single values differed depending on packet size and direction.
As far as I remember, the peak value was somewhere around 600KBytes/sec.

If the connection is only tested versus a 500KBytes/sec ISP (or an
802.11b WLAN) connection, one might not realize the drastic slowdown.

Testing versus the 100Mbit LAN port of my notebook, I got 9-12MBytes/sec
with NVfirewall uninstalled, 200-600KByte/sec with NVfirewall installed.
Similar results using the Marvell port.

There is possibly something wrong with the NVfirewall component inserted
in the Windows IP protocol stack, so the Marvell port is affected also.

... However, it appears that you are
at least getting throughput - albeit diminished - with the firewall enabled,
while I get absolutely nothing.
Click to expand...

Try to enable the firewall after IP address has been obtained via DHCP
from Router or ISP.
If the connection persists, it is the DHCP problem described above.

What are your settings, and explicitly how did you set them?
Click to expand...

I tried all the predefined profiles and many manual settings, don't
remember the details, sorry.

It appears rather challenging to find anyone who has successfully
implemented this functionality on the A8N-SLI Deluxe under XP Pro (SP2).
Click to expand...

True. I found only one article in group "comp.security.firewalls",
Subject "Nvidia NForce 4 Ultra Chipset Firewall", March 15, 2005.
It describles the same speed problem on some (unknown) board and XP SP2.


Anybody out there?
Does it work with other NForce4 boards?
Does it work with XP Pro SP1?

Christian
 
J&SB said:
It appears rather challenging to find anyone who has successfully
implemented this functionality on the A8N-SLI Deluxe under XP Pro (SP2).
Click to expand...

Well, to make a long story short - I finally got it to work. I've
reïnstalled it about a dozen times on my MCE2005 installation, which
never worked - the firewall kept blocking specific transfers, even
though I set them to be allowed. Never got that fixed. Also Norton
Internet Security wouldn't work properly with the firewall enabled, even
though it came bundled with the board...

A few weeks ago I did a clean install of XP with SP2 integrated into it
on a separate partition, creating a dual boot, and on this fresh install
I tried the nVidia firewall again. I was using the latest BIOS, 1006
final at the time, and the 1.53 drives, and voila presto - it works.
Dunno why or what or how it is different from my other install, but it
works alright now.

I guess I just got lucky.

RJT
 
I have problem with nvidia firewall.
it shows firewall unavailable
how to trouble shoot this issue
any help appericated
 
Back
Top