bgodden

SonicWall Pro VX traffic slow between DMZ and LAN

We have a single SonicWall Pro VX and have placed a file server in the DMZ.  We are experiencing very slow network speed in between the DMZ and the LAN.  We have isolated this down to essentially the firewall DMZ and LAN, we have tested all the cables, switches, etc. in between those points.

Speed between LAN and WAN is good, and speed between DMZ and LAN is acceptable, usually as fast as the WAN pipe allows.

Speed between the DMZ and LAN is terrible, usually about 3 KB/sec.  We have the firewall interfaces set to 100MB Full duplex, the WAN is set to 10MB Half duplex (we've tried all the settings there, but this isn't our problem spot anyway).

The firewall does have content filtering on, but it has been disabled between DMZ and LAN.  MTU is set to 1404 and there are no bandwidth limitations set.  Also, no strange rules set up either.

Thanks for any help on this!!

-Brian

Tim Holman

So if you rip the firewall out, and put a crossover cable in between the server on the DMZ and a client inside, then the performance is still the same ??
bgodden

ASKER

Don't need to get them that close, if the server in the DMZ are in the proximity of either switch (LAN or DMZ), the speed is 100 MB/s

ASKER

with the client that is

I'm not sure what you meant by your second comment but...

I think what tim_holman was trying to suggest was to put a client machine inside the DMZ and test the file transfer speeds within the DMZ... just to make sure it's not the server itself causing the slow transfer speeds.

Agreed - this is far too slow for even a firewall to cause (unless perhaps its routing is screwed up)!

ASKER

I didn't explain well either, I had the server and the client together on the switch that is connected to the DMZ (i.e. brought the client out to the DMZ) and also brought the server into the LAN, performance was good so it wasn't the server...  How do I check the routing?  There is one static route set up, but it's over my head on how it should be...

Check the routing by doing a TRACERT {server IP} from the client machine behind the firewall, to the server in the DMZ.

ASKER

OK, I see, I get a single hop from the client to the server in the DMZ
ASKER CERTIFIED SOLUTION
Tim Holman

ASKER

Tim, thanks for your work on this, oddly enough, we finally tried setting all the firewall interfaces to auto negotiate and the problem went away!  All these interfaces set themselves to what we had forced, so apparently the forcing was causing some confusion for TCP traffic.

Auto-negotiated 100FDX and manual 100FDX are slightly different things.  With auto-neg, things like flows and window sizes are also negotiated, whereas with manual 100FDX you're stuck with static values.
This varies from vendor to vendor...

ASKER

OK, good to know.  Thanks!
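
Added example, not part of the thread and not SonicWall code: a small model of how 10/100 Ethernet link settings resolve under IEEE 802.3 when one end is forced and the other auto-negotiates, which is one well-known way forced 100/full ports end up slow. The port names and settings are constructed, and that the switch ports in this thread were left on auto-negotiate is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    autoneg: bool
    speed: int = 100      # Mb/s: forced value, or best advertised when autoneg
    duplex: str = "full"  # forced value, or best advertised when autoneg

def resolve(a: Port, b: Port):
    """Return ((speed, duplex) for a, (speed, duplex) for b, verdict)."""
    if a.autoneg and b.autoneg:
        # Both ends exchange abilities and pick the best common mode.
        duplex = "full" if a.duplex == b.duplex == "full" else "half"
        ra = rb = (min(a.speed, b.speed), duplex)
    elif a.autoneg or b.autoneg:
        forced, auto = (b, a) if a.autoneg else (a, b)
        # A forced port sends no negotiation pulses. The autoneg end can
        # still sense the speed (parallel detection) but cannot learn the
        # duplex, so it must fall back to half duplex.
        r_forced = (forced.speed, forced.duplex)
        r_auto = (min(forced.speed, auto.speed), "half")
        ra, rb = (r_auto, r_forced) if a.autoneg else (r_forced, r_auto)
    else:
        # Both forced: each end simply runs what it was told.
        ra, rb = (a.speed, a.duplex), (b.speed, b.duplex)
    if ra[0] != rb[0]:
        verdict = "no-link"
    elif ra[1] != rb[1]:
        verdict = "duplex-mismatch"  # late collisions, CRC errors, tiny TCP throughput
    else:
        verdict = "ok"
    return ra, rb, verdict

# Constructed inventory: (label, firewall port, switch port)
LINKS = [
    ("DMZ forced 100/full, switch auto", Port("fw-dmz", False), Port("sw-dmz", True)),
    ("DMZ auto, switch auto", Port("fw-dmz", True), Port("sw-dmz", True)),
    ("WAN forced 10/half, modem auto", Port("fw-wan", False, 10, "half"), Port("modem", True)),
]

def audit(links):
    """Map each link label to its verdict."""
    return {label: resolve(a, b)[2] for label, a, b in links}

if __name__ == "__main__":
    for label, verdict in audit(LINKS).items():
        print(f"{verdict:16} {label}")
```

The model covers 10/100 copper only; 1000BASE-T requires auto-negotiation, so forcing gigabit ports behaves differently.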