bgodden
SonicWall Pro VX traffic slow between DMZ and LAN
We have a single SonicWall Pro VX and have placed a file server in the DMZ. We are experiencing very slow network speed between the DMZ and the LAN. We have isolated this down to essentially the firewall DMZ and LAN; we have tested all the cables, switches, etc. in between those points.
Speed between LAN and WAN is good, and speed between DMZ and LAN is acceptable, usually as fast as the WAN pipe allows.
Speed between the DMZ and LAN is terrible, usually about 3 KB/sec. We have the firewall interfaces set to 100MB Full duplex, the WAN is set to 10MB Half duplex (we've tried all the settings there, but this isn't our problem spot anyway).
The firewall does have content filtering on, but it has been disabled between DMZ and LAN. MTU is set to 1404 and there are no bandwidth limitations set. Also, no strange rules set up either.
Thanks for any help on this!!
-Brian
So if you rip the firewall out, and put a crossover cable in between the server on the DMZ and a client inside, then the performance is still the same ??
ASKER
Don't need to get them that close, if the server in the DMZ is in the proximity of either switch (LAN or DMZ), the speed is 100 MB/s
ASKER
with the client that is
I'm not sure what you meant by your second comment but...
I think what tim_holman was trying to suggest was to put a client machine inside the DMZ and test the file transfer speeds within the DMZ... just to make sure it's not the server itself causing the slow transfer speeds.
Agreed - this is far too slow for even a firewall to cause (unless perhaps its routing is screwed up)!
ASKER
I didn't explain well either, I had the server and the client together on the switch that is connected to the DMZ (i.e. brought the client out to the DMZ) and also brought the server into the LAN, performance was good so it wasn't the server... How do I check the routing? There is one static route setup, but it's over my head on how it should be...
Check the routing by doing a TRACERT {server IP} from the client machine behind the firewall, to the server in the DMZ.
ASKER
OK, I see, I get a single hop from the client to the server in the DMZ
ASKER
Tim, thanks for your work on this. Oddly enough, we finally tried setting all the firewall interfaces to auto negotiate and the problem went away! All these interfaces set themselves to what we had forced, so apparently the forcing was causing some confusion for TCP traffic.
Auto-negotiated 100FDX and manual 100FDX are slightly different things. With auto-neg things like flows and window sizes are also negotiated, whereas with manual 100FDX you're stuck with static values.
This varies from vendor to vendor...
ASKER
OK, good to know. Thanks!