Will a Pentium III-500 do as firewall?

We have a small network of about 8 machines, one webserver, low traffic. The new webserver (P4-2.4GHz) works quite fast from the inside. Pages normally display in less than 1 second. From the outside it takes up to 5 seconds. Typically nothing happens for about 3 or 4 seconds, and then suddenly the page appears. When inside, visiting other websites, we have a normal speed.

The firewall/router is an old Pentium III-500 (320MB) machine running Windows 2000 and Isa Server 2000. (Memory usage is about 150MB.) Can this be the bottleneck? I heard that a 486 could be used as firewall. Are there tools to test what causes the delay? Is a Linux firewall faster? Or a hardware firewall?
LVL 1
grexxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

TannerManCommented:
I have ran isa 200 on a p-2 333 with 128 ram before. No real problems due to machine power. I think your machine horsepower is adequate.

Your speed when accessing your fast web server from the internet is so very determined by a whole host of uncontrollable areas. The DNS server's used to resolve your web site name may be slow.  This can be the any of the multitude of DNS servers hops are made across to get from test locatoin to your web server. The internet connection your viewing from may have a bottle neck. Especially if it's something like a cable modem that can be slow during peak usage times.

Unless you have a very complicated ISA implentation I don't think your slow down is there.

Also, 5 seconds to load just about any website from the internet is really a good speed. There are two reasons it is faster on the inside of your network than outside....

The server is local of course, and that the ISA server, if set up with it, is caching web visits. This means when your client hits the ISA server from the inside the ISA server spits the webpage back and not having to wait for it to contact your web server and retrieve the page.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bloemkool1980Commented:
I would say your machine is powerful enough. THe page load depends a lot on your browser.
Are you using http 1.0 or http 1.1
Are you using IE?
Is the speed the same with an alternative browser?
The bottleneck is not your isa I really doubt it. A hardware firewall will have more performance that is pretty sure but what is you link speed to internet?
0
grexxAuthor Commented:
Thanks for the replies. I thought the machine was fast enough. I can try a test though. We have a second IP-address that is not used. I can put a spare machine (disconnected from the rest of the network) directly on that address, and then compare connections from the outside to both machines. If that is really faster, then something on the network is slowing the site down.

At home I have a 3Mb cable connection, and about 400kb upload. At work we have a 1MB DSL connection. When at work, with my computer at home working (Mac G4-400), that webserver is a lot more responsive (1 second to display a simple page). At home I have a simple Netgear Firewall/router, and a software firewall as well (standard Mac OSX).

I know 5 seconds is not all that bad, but we have customers complaining that it's slow. What confuses me a bit is that for about 4 seconds nothing happens, and then suddenly everything appears quite fast. It looks like somewhere there's a delay. Normally you see a page loading, building up, data coming in, if it's really big. That doesn't seem to happen.

It could be one of the DNS hops. Can I test that? Shouldn't they change for different users or different times? I thought they were not fixed. Browsers don't seem to matter. I use Firefox and IE to compare.
0
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

TannerManCommented:
Well, the 3-4 seconds wait with nothing appearing sometimes is related to the type page it is. I mean html, asp, aspx ect.
DNS hops chages with not only where your geographicly located, but even changes per request from same place.
When you say customers are complaining, are the complaints from a 5 second load time, or are some waits much longer? You can test from a spot like www.dnsreports.com, but it will be a test FROM their paticular hops to get to it, but it will give you the timing of each hop.

I wish you luck with it, but I am not sure what to tell you to look at next. I'll continue to give it some thought though.
0
grexxAuthor Commented:
The type of page cannot be the cause. If I open the page from our intranet, it opens in less than 1 second.

It turns out it has to do with the domain name. We have several, all going to the same webserver and sites, and one of them is fast as should be. Our new domain name (because of company name change) is slower. I'll probably open a new question about this.

Tannerman, your link to dnsreports was not really useful. At least I couldn't find anything there. It looks like one of those sites that have their domain name registration expired?
0
grexxAuthor Commented:
If you want to earn some extra points, look at:

DNS problem: differences in response time between domain names and subdomains
http://www.experts-exchange.com/Networking/Microsoft_Network/Q_21378165.html
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.