Hey everyone,
I’m hoping to pick the brains of some of the network gurus here. I’ve been using this setup for a while now to redirect a few specialized USB devices from my server in the basement up to my main workstation in the attic, and for the most part, it’s been a life-saver. However, I recently decided to "adult" my home network by installing a dedicated enterprise-grade Security Appliance to act as my main Firewall.
On a personal level, I’m a bit of a privacy nut, and after a few close calls with "smart" home devices phoning home to servers they shouldn't be talking to, I wanted to lock everything down. The new appliance is fantastic for monitoring traffic, but it’s created a massive headache for my USB redirection.
Specifically, I’m trying to pass through a high-bandwidth Software Defined Radio (SDR) and a legacy hardware license dongle that I still need for some old CAD software. Before I installed the hardware firewall, everything was snappy. Now, I’m seeing significant jitter on the SDR stream, and the CAD dongle frequently "disconnects" even though the server says it's still active.
One specific point I noticed during my troubleshooting is that Security Applianceseems to be flagging the high-frequency "heartbeat" packets that the USB-over-IP protocol uses to maintain the link. I suspect the Deep Packet Inspection (DPI) or the stateful inspection on the firewall is adding just enough micro-latency to trip up the timing-sensitive USB handshake. I've already tried whitelisting the specific ports and setting up a dedicated rule to bypass the proxy for those internal IP addresses, but the performance still isn't back to where it was when I was just using a basic consumer router.
I’m curious if anyone else here has successfully tuned a professional Firewall or hardware Security Appliance to play nice with this kind of traffic? I really don't want to have to put my workstation on a less secure segment of the network just to get my peripherals working again, but I’m running out of ideas on how to reduce that inspection overhead.
Is it possible that these high-spec security devices are actually too efficient at inspecting packets for our own good when it comes to low-latency niche applications like this? Or maybe there’s a specific MTU or buffer setting I should be looking at in the appliance's console that I’ve overlooked?
Looking forward to any insights or observations you might have!
.
I think you should exclude TCP 7575 from deep packet inspection if its slowing down the connection.