Firewall & Antivirus Bypass for Fast LAN Performance

This document is a fully detailed SaaS-style technical guide designed for organizations deploying self-hosted remote desktop servers, monitoring software, or IOCP-based (I/O Completion Port) high-performance socket services such as GoMyid On-Premise Server.

If your server feels extremely fast when connecting via 127.0.0.1 but becomes slow when connecting using the LAN IP (such as 10.5.1.100 or 192.168.x.x), this guide explains every reason and provides guaranteed solutions.




1. Why does my server run extremely fast on 127.0.0.1 but very slow on LAN IP?

When a server responds instantly on 127.0.0.1 but becomes slow when accessed via 10.x.x.x or 192.168.x.x, the following conditions apply:

  • Local loopback path is extremely fast (kernel-level direct routing)
  • LAN IP is being inspected, filtered, or routed by a firewall or security device
  • DPI / IPS / NAT / Anti-Spoofing may be intercepting packets
  • The machine's network adapter may treat the local IP as external traffic

Loopback (127.0.0.1) does not go through:

  • Firewall inspection
  • Network drivers
  • DPI / IPS scanning
  • Routing tables
  • NAT

Therefore, all socket operations run at full IOCP speed.

But when using 10.5.1.100 → 10.5.1.100, Windows treats the traffic as if it were LAN-to-LAN traffic, which may introduce:

  • Firewall processing
  • Intrusion detection scanning
  • Network interface delays
  • Hairpin NAT (U-turn NAT)
  • DPI rules applied by external firewall devices

2. How can I test server performance correctly using PowerShell?

Use the following command to test TCP latency on any IP and port:

Test-NetConnection 192.168.1.10 -Port 444 -InformationLevel Detailed

This command shows:

  • Approximate RTT (Round Trip Time)
  • Network isolation context (Private, Public, Domain)
  • Whether TCP handshake succeeded

If you see:

NetworkIsolationContext : Internet

it means the OS treats your traffic as external, and performance will drop significantly.
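A single Test-NetConnection run gives one data point. The following added example (not part of the original guide or the GoMyid product) times repeated TCP handshakes against loopback and the LAN address, so the two paths can be compared before any firewall policy is changed. The addresses and port 444 are the ones used in this guide's test command; the function name is hypothetical.

```powershell
# Added example: compare TCP connect latency on loopback vs. the LAN address.
# Measure-TcpConnect is a hypothetical helper name, not a built-in cmdlet.
function Measure-TcpConnect {
    param(
        [Parameter(Mandatory)][string]$Address,
        [Parameter(Mandatory)][int]$Port,
        [int]$Samples = 20,
        [int]$TimeoutMs = 2000
    )
    $times  = New-Object System.Collections.Generic.List[double]
    $failed = 0
    for ($i = 0; $i -lt $Samples; $i++) {
        $client = New-Object System.Net.Sockets.TcpClient
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            $task = $client.ConnectAsync($Address, $Port)
            if ($task.Wait($TimeoutMs) -and $client.Connected) {
                $times.Add($sw.Elapsed.TotalMilliseconds)   # handshake completed
            } else {
                $failed++                                   # timed out
            }
        } catch {
            $failed++                                       # refused or unreachable
        } finally {
            $client.Close()
        }
    }
    $sorted = @($times | Sort-Object)
    $n = $sorted.Count
    [pscustomobject]@{
        Address  = $Address
        Port     = $Port
        Ok       = $n
        Failed   = $failed
        MinMs    = if ($n) { [math]::Round($sorted[0], 2) }
        MedianMs = if ($n) { [math]::Round($sorted[[int][math]::Floor($n / 2)], 2) }
        MaxMs    = if ($n) { [math]::Round($sorted[-1], 2) }
    }
}

# Addresses and port taken from this guide's examples; adjust to your server.
'127.0.0.1', '192.168.1.10' |
    ForEach-Object { Measure-TcpConnect -Address $_ -Port 444 } |
    Format-Table -AutoSize
```

A large gap between the two MedianMs values, or a non-zero Failed count on the LAN address only, is the signal the rest of this guide acts on.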


3. Does a firewall inside my network slow down my internal LAN traffic?

Yes. Many users assume LAN devices bypass firewalls, but that is not true. Most modern firewall appliances, including FortiGate, MikroTik, pfSense, Sophos XG, Palo Alto, WatchGuard, Zyxel, Ubiquiti, and enterprise routers, inspect LAN-to-LAN traffic unless explicitly bypassed.

These inspections include:

  • DPI (Deep Packet Inspection)
  • IPS/IDS scanning
  • Anti-Spoofing
  • QoS shaping
  • Hairpin NAT
  • TLS/SSL inspection

Any of these can delay each packet by 5–500 ms, which eventually causes huge slowdowns in high-frequency IOCP applications.


4. Can I bypass firewall inspection for LAN-to-LAN traffic?

Yes, and this is the recommended solution.

If your server's slowdowns disappear when using 127.0.0.1 but appear when using the LAN IP (10.5.1.100), it means your firewall is inspecting or shaping that local traffic.

To fix this, you must create a rule on your firewall:

“LAN-to-LAN bypass for traffic going to 10.5.1.100”

This tells the firewall: “Do not inspect or interfere with any LAN traffic going to the server.”


5. How do I create a LAN-to-LAN bypass rule?

Below is the universal rule that works on ANY firewall brand or model. Add this rule at the top of your firewall’s policy list:

Rule Name: LAN-to-10.5.1.100-Bypass
Source: 192.168.1.0/24 OR ANY
Destination: 192.168.1.10
Ports: ANY
Action: ALLOW
NAT: DISABLE
IPS/IDS: DISABLE
DPI: DISABLE
TLS/SSL Inspection: DISABLE
Application Control: DISABLE
Antivirus/Malware Scan: DISABLE
Direction: LAN → LAN
Priority: TOP

This ensures:

  • No NAT
  • No throttling
  • No filtering
  • No packet inspection
  • No latency

LAN speed becomes as fast as 127.0.0.1 loopback.


6. How do I perform this bypass locally on the same machine?

You can apply a LAN-to-LAN bypass rule only on the server machine without touching the physical firewall.

Use this PowerShell command:

New-NetFirewallRule -DisplayName "Local-LAN-Bypass" -Direction Inbound -LocalAddress 10.5.1.100 -RemoteAddress 10.5.1.0/24 -Action Allow

And the outbound rule:

New-NetFirewallRule -DisplayName "Local-LAN-Bypass-Out" -Direction Outbound -LocalAddress 10.5.1.100 -RemoteAddress 10.5.1.0/24 -Action Allow

This makes Windows Firewall behave like a true LAN bypass — no inspection, no DPI, no filtering.
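The two commands above allow every port and protocol from the whole subnet. The following added example (not from the original guide) creates the same inbound allowance narrowed to one TCP port and one executable, then reads the rule back to confirm what was actually stored. The rule name, port 444 (taken from this guide's test command) and the executable file name are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: inbound allow rule scoped to a single service instead of "any port".
$rule = @{
    DisplayName   = 'GoMyid-LAN-In-TCP444'      # hypothetical rule name
    Direction     = 'Inbound'
    Action        = 'Allow'
    Protocol      = 'TCP'
    LocalPort     = 444                          # assumed service port
    LocalAddress  = '10.5.1.100'                 # server address used in this guide
    RemoteAddress = '10.5.1.0/24'                # LAN subnet used in this guide
    # Hypothetical executable name inside the install folder named in this guide.
    Program       = 'C:\Program Files\GoMyid Server\Server.exe'
}

# Create the rule only once so repeated runs do not stack duplicates.
if (-not (Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule @rule | Out-Null
}

# Read the stored rule back together with its port, address and program filters.
Get-NetFirewallRule -DisplayName $rule.DisplayName | ForEach-Object {
    $portFilter = $_ | Get-NetFirewallPortFilter
    $addrFilter = $_ | Get-NetFirewallAddressFilter
    $appFilter  = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Name      = $_.DisplayName
        Enabled   = $_.Enabled
        Direction = $_.Direction
        Protocol  = $portFilter.Protocol
        LocalPort = $portFilter.LocalPort
        Local     = $addrFilter.LocalAddress
        Remote    = $addrFilter.RemoteAddress
        Program   = $appFilter.Program
    }
} | Format-List
```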


7. Can antivirus software slow down socket performance?

Yes, extremely.

Modern antivirus engines scan every:

  • binary loaded into memory
  • network packet
  • file access
  • server process behavior

For high-performance socket servers, this can cause:

  • random slowdowns
  • packet loss
  • delayed responses
  • CPU spikes

✔ Recommended Fix

Exclude your server folder:

C:\Program Files\GoMyid Server

This prevents the antivirus engine from scanning real-time socket operations on every packet.
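An excluded folder is no longer scanned, so it should be writable only by administrators. The following added example (not from the original guide) checks the folder's ACL first and adds the exclusion only when no other account can write to it. It assumes Microsoft Defender is the antivirus in use (Add-MpPreference is Defender's cmdlet) and an English-language Windows for the account names.

```powershell
#Requires -RunAsAdministrator
# Added example: verify the folder ACL before excluding it from real-time scanning.
$path = 'C:\Program Files\GoMyid Server'   # install folder named in this guide

# Accounts expected to hold write access under Program Files (English names assumed).
$trusted = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
           'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'

# Bits that let an account create, change or replace files, plus the raw
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits that Get-Acl
# can report on inherit-only entries.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask   = [int]$rights -bor 0x50000000

$risky = (Get-Acl -LiteralPath $path).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $trusted -notcontains $_.IdentityReference.Value -and
    ([int]$_.FileSystemRights -band $mask)
}

if ($risky) {
    # Someone other than an administrator can drop files here: fix the ACL first.
    $risky | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
    Write-Warning "Exclusion not added: '$path' is writable by the accounts listed above."
} else {
    Add-MpPreference -ExclusionPath $path
    # Show the resulting exclusion list so the change can be recorded.
    (Get-MpPreference).ExclusionPath
}
```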


8. What configuration should I use in the Server Setup field?

Your server setup panel may contain a field where you specify the IP address the service should bind to. Here is the correct behavior:

  • Leave field empty → Server listens on all IP addresses (recommended)
  • Type 127.0.0.1 → Server listens only internally (for testing performance)
  • Type 10.x.x.x → Server listens only on that LAN IP

If performance is slow and you want to test:

  1. Install server with 127.0.0.1
  2. Perform speed tests
  3. Reinstall using “empty field” for normal operation

This verifies whether LAN traffic, firewall, or antivirus is causing the slowdown.


9. Why should I temporarily switch Windows network category to Public?

Switching the network profile to Public forces Windows to apply stricter routing rules, which can help diagnose:

  • Firewall interference
  • Routing issues
  • Slow path networking
  • Packet inspection delays

Use this command:

Set-NetConnectionProfile -InterfaceAlias "Ethernet" -NetworkCategory Public

Then test again using:

Test-NetConnection 192.168.1.10 -Port 444 -InformationLevel Detailed
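The profile change is meant to be temporary, so the original category has to be put back after the test. The following added example (not from the original guide) records the current category, runs the test under Public, and restores the saved value even if the test fails. The interface alias, address and port are the ones used in this guide.

```powershell
#Requires -RunAsAdministrator
# Added example: run one test under the Public profile, then restore the original.
$alias  = 'Ethernet'        # interface alias used in this guide
$target = '192.168.1.10'    # address from this guide's test command
$port   = 444               # port from this guide's test command

$original = (Get-NetConnectionProfile -InterfaceAlias $alias).NetworkCategory

if ($original -eq 'DomainAuthenticated') {
    # Windows assigns this category itself on domain-joined networks and
    # Set-NetConnectionProfile cannot change it, so skip the test.
    Write-Warning "Interface '$alias' is DomainAuthenticated; profile left unchanged."
    return
}

try {
    Set-NetConnectionProfile -InterfaceAlias $alias -NetworkCategory Public
    Test-NetConnection $target -Port $port -InformationLevel Detailed
}
finally {
    # Always restore the saved category, including when the test throws.
    Set-NetConnectionProfile -InterfaceAlias $alias -NetworkCategory $original
    Get-NetConnectionProfile -InterfaceAlias $alias |
        Select-Object InterfaceAlias, NetworkCategory
}
```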

10. How do I diagnose whether my network has an active firewall device?

If your performance dramatically improves on 127.0.0.1 but remains slow on your LAN IP, the network definitely contains:

  • a firewall appliance, or
  • a router performing DPI/IPS, or
  • a switch performing traffic analysis

You can confirm this if:

  • Packets show delays in Test-NetConnection
  • Your IP appears as Internet or Public in isolation context
  • Firewall logs show LAN traffic events

In this case, apply the LAN-to-LAN bypass rule described earlier to eliminate all delays.


This guide provides a complete diagnostic framework for identifying slow performance in a high-performance socket server such as GoMyid Remote Desktop Server.

By understanding the difference between loopback traffic and LAN IP traffic, and by applying firewall bypass rules, antivirus exclusions, and correct binding configurations, you can guarantee maximum performance inside any network environment.

If your server is fast on 127.0.0.1 but slow on LAN IP, the cause is always firewall or network inspection, and the solutions in this document will resolve the issue completely.

Understanding Why Some Firewalls Slow LAN Traffic While Others Do Not

In modern network environments, it is a common misconception that firewalls only filter external internet traffic coming from the WAN side. Many administrators assume that internal LAN-to-LAN communication is always trusted and never inspected. However, this is not universally true. Depending on the brand, configuration, and security profile of the firewall, internal traffic may or may not be filtered, inspected, or routed through deep security layers.

Some firewalls operate in a very permissive mode by default. They allow all LAN devices to communicate with each other freely without performing DPI (Deep Packet Inspection), IPS (Intrusion Prevention), or antivirus scanning. In such environments, LAN-to-LAN communication is fast, direct, and nearly instant. Performance for high-frequency applications such as remote desktop systems, monitoring tools, or IOCP-based socket servers is typically excellent.

However, many modern firewalls take the opposite approach. They treat LAN interfaces as “semi-trusted zones” and apply the same security logic internally as they would externally. This means LAN traffic may pass through:

  • DPI (Deep Packet Inspection)
  • IPS / IDS threat analysis
  • Anti-spoofing engines
  • Application control filters
  • Antivirus / malware scanning
  • NAT reflection or hairpin routing

Each of these layers introduces additional latency — sometimes only a few milliseconds per packet, but within high-frequency systems, this delay quickly becomes noticeable. When a remote desktop server, monitoring platform, or logging service exchanges hundreds of small packets per second, a 5–20 ms inspection delay per packet can turn into visible interface lag, slow authentication, or delayed connection responses.

This is why in some environments performance appears perfect with loopback (127.0.0.1), but dramatically slower when using the device’s LAN IP (such as 10.5.1.100). Loopback bypasses all layers of filtering and remains inside the operating system kernel. LAN IP traffic, even if it originates from the same machine, may still be routed through firewall or inspection layers depending on the device’s configuration.

Some firewalls implement “hairpin NAT” even for internal access, forcing traffic to traverse NAT tables. Others apply SSL/TLS inspection on all traffic regardless of direction. A few high-security firewalls even enable IPS scanning on LAN interfaces by default. If any of these features are active, LAN traffic can feel slow, inconsistent, or delayed — even though physical network bandwidth appears healthy.

Therefore, understanding your network’s firewall behavior is critical. Administrators should never assume that LAN traffic is unfiltered. You must check whether your firewall performs internal inspection, NAT, or security processing on LAN-to-LAN packets. If it does, performance issues are unavoidable unless you explicitly create exceptions or bypass rules.

Additionally, antivirus software installed on the server can significantly degrade performance. Many security suites intercept network I/O, disk operations, and even memory allocations made by socket servers. This creates artificial delays, packet bottlenecks, and random lag spikes. Real-time scanning of the server’s running process or installation folder almost always introduces unpredictable latency. For this reason, excluding the server directory — such as C:\Program Files\GoMyid Server — is not optional; it is required for consistent and stable performance.

In conclusion, the only true causes of LAN slowdown are firewalls and antivirus engines. There are no other variables that can slow down a high-performance IOCP-based socket server inside the same local environment. When loopback is fast but LAN IP is slow, the diagnosis is certain: the traffic is being inspected, filtered, scanned, or routed unnecessarily. By applying the recommended bypass rules, disabling DPI or IPS for internal communication, and excluding the server folder from antivirus scanning, organizations can restore the full speed expected from a local on-premise remote desktop or monitoring infrastructure.