Solved

SonicWall Pro VX traffic slow between DMZ and LAN

Posted on 2004-09-15
Last Modified: 2013-03-18
We have a single SonicWall Pro VX and have placed a file server in the DMZ.  We are experiencing very slow network speed in between the DMZ and the LAN.  We have isolated this down to essentially the firewall DMZ and LAN; we have tested all the cables, switches, etc. in between those points.

Speed between LAN and WAN is good, and speed between DMZ and LAN is acceptable, usually as fast as the WAN pipe allows.

Speed between the DMZ and LAN is terrible, usually about 3 KB/sec.  We have the firewall interfaces set to 100MB Full duplex, the WAN is set to 10MB Half duplex (we've tried all the setting there, but this isn't our problem spot anyway).

The firewall does have content filtering on, but it has been disabled between DMZ and LAN.  MTU is set to 1404 and there are no bandwidth limitations set.  Also, no strange rules set up either.

Thanks for any help on this!!

-Brian
0
Question by:bgodden
12 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12072405
So if you rip the firewall out, and put a crossover cable in between the server on the DMZ and a client inside, then the performance is still the same ??
0
 

Author Comment

by:bgodden
ID: 12072481
Don't need to get them that close; if the server in the DMZ is in the proximity of either switch (LAN or DMZ), the speed is 100 MB/s
0
 

Author Comment

by:bgodden
ID: 12072487
with the client that is
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12072502
I'm not sure what you meant by your second comment but...

I think what tim_holman was trying to suggest was to put a client machine inside the DMZ and test the file transfer speeds within the DMZ... just to make sure it's not the server itself causing the slow transfer speeds.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12072529
Agreed - this is far too slow for even a firewall to cause (unless perhaps its routing is screwed up) !
0
 

Author Comment

by:bgodden
ID: 12072682
I didn't explain well either, I had the server and the client together on the switch that is connected to the DMZ (i.e. brought the client out to the DMZ) and also brought the server into the LAN, performance was good so it wasn't the server...  How do I check the routing?  There is one static route setup, but it's over my head on how it should be...
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12072911
Check the routing by doing a TRACERT {server IP} from the client machine behind the firewall, to the server in the DMZ.
0
 

Author Comment

by:bgodden
ID: 12075093
OK, I see, I get a single hop from the client to the server in the DMZ
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 500 total points
ID: 12089554
Setting the MTU low on the firewall is unusual.  I would set it back to 1500.  It's only with dial-up and encryption that MTU starts causing issues anyway.
I'm presuming client and server are on different subnets ?
So - is this maybe a name resolution / DNS problem ?  Maybe if you use the host name, your client is looking it up in the wrong place and causing this delay ?  Same goes for WINS.
Apart from that, try the latest SonicWall firmware update.
I've had a good look around support.sonicwall.com's knowledge portal, but nothing pertaining to DMZ performance other than DMZ setup documents, which may all be worth checking to make sure you've set this up properly.
0
 

Author Comment

by:bgodden
ID: 12135142
Tim, thanks for your work on this, oddly enough, we finally tried setting all the firewall interfaces to auto negotiate and the problem went away!  All these interfaces set themselves to what we had forced, so apparently the forcing was causing some confusion for TCP traffic.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12142017
Auto-negotiated 100FDX and manual 100FDX are slightly different things.  With auto-neg things like flows and window sizes are also negotiated, whereas with manual 100FDX you're stuck with static values.
This varies from vendor to vendor...
0
 

Author Comment

by:bgodden
ID: 12145002
OK, good to know.  Thanks!
0
