Solved

Port 80 performance slow compared to port 8080

Posted on 2004-08-23
7
1,178 Views
Last Modified: 2008-03-17
We have a web server sitting in a DMZ. Performance when connecting to the site from the outside world is fine, but it's remarkably sluggish when connecting from the inside. There are no firewall blocks set up and syslog shows no complaints. Also, our content filter is not touching this site. A sniff shows multiple lost segments and retransmits.

However, our dev site on the same server, going over port 8080, is lightning fast (from inside or out). The production site is fast on the web server itself, but is slow from another machine in the same DMZ. Strangely (to me, anyway) if I change the IIS settings for the production site to 8080 (from 80) it, too, is suddenly very fast from the inside.

There are no access rules affecting the box internally, and the internal DNS is set up properly.

Is there something with PIX that affects port 80 traffic that is not obvious at first glance? Or a bug in the IOS?
0
Comment
Question by:chabuhi
  • 2
  • 2
7 Comments
 
LVL 10

Expert Comment

by:avidya
ID: 11872762
Hi,

You didn't specify the versions you are using, but maybe this link will help you
http://www.cisco.com/pcgi-bin/search/search.pl
Search for: pix 80 8080 slow
0
 
LVL 1

Author Comment

by:chabuhi
ID: 11873072
I'm sorry -- left that out in my haste to go fatten myself up some more ...

Server is Win 2003

IIS 6.0

Cisco FWSM 1.2.3
0
 
LVL 10

Expert Comment

by:avidya
ID: 11873612

Maybe you can use the troubleshooting options:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_2/fwsm_cfg/monitor.htm
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_2/fwsm_ref/df.pdf

From wath I read it looks like a problem with the settings in combination with the dmz.
Maybe you are better of reallocating your question in the Networking or security area?
0
 
LVL 1

Accepted Solution

by:
chabuhi earned 0 total points
ID: 11953721
Turns out there were a number of contributing factors -- filter ties to the old webserver, firmware out of date on the server NIC, etc. No points awarded as solution was discovered internally.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
assessing firewall rules 3 72
DHCP lease issue ? 8 84
IP Phones with SonicWall 6 68
VPN running on Windows 2008 Server 11 70
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now