Solved

Need help to solve why our site is slow behind firewall

Posted on 2007-03-21
Medium Priority
354 Views
Last Modified: 2013-11-16
Looking for someone to help figure out what a checkpoint firewall does not like about our site.  We have a .Net 2.0 site and people behind certain firewalls are experiencing mega (1.5 minutes) load time.  Can anyone recommend a solution or would be willing to help?

Question by:mcannonmcannon
16 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18770221
I don't have any Checkpoint exposure but first of all, are you sure that checkpoint is the one which is causing this? If so, how did you arrive at that conclusion ?

Cheers,
Rajesh
0
 

Author Comment

by:mcannonmcannon
ID: 18770732
We have several customers experiencing the delays and the only thing I have found so far in common is the Checkpoint firewall.  Not saying that is the problem but certainly looks to be a good candidate.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 18772281
Just for clarification: you are hosting the web server at your site.  People at outside sites behind checkpoint firewalls are experiencing slow connections.  People outside not behind checkpoint firewalls are ok?

I just want to make sure of this since I've actually never heard of this type of issue before.  The only thing I can think of right away is DNS not resolving correctly so it times out on a couple of servers before it gets to one with an answer it can use.  However, this should only cause a problem the first time as then subsequent loads should be faster as the DNS entry would be cached.

Can you confirm whether, after the site loads the first page, navigation goes smoothly or goes slow for every page?
0
 

Author Comment

by:mcannonmcannon
ID: 18774956
The site is hosted at a premium facility and yes, so far as we can determine, the only commonality is the checkpoint firewall.  Each page is slow when they are behind the firewall.  I have tested from 30+ locations and it is pretty fast, 3-5 seconds.

Thought maybe the firewall was doing some type of deep packet inspection and getting hung up on something.  Not sure.  Right now I am attempting to get some of the users to perform Netmon traces.

Any thoughts / ideas / recommendations are helpful
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18777065
One possible reason can be high fragmentation at firewall's side. What is the MTU set on the firewall for both incoming and outgoing interfaces ??

Cheers,
Rajesh
0
 

Author Comment

by:mcannonmcannon
ID: 18779188
A big issue is it's not our firewall but rather the customers'.  Other sites are fine for them as well and it is just our site having the issue.  Wondering if the firewall could be having an issue with the .net code.
0
 

Expert Comment

by:gatomalaco
ID: 18806256
Some questions (for better understanding ^_^ )

1- Which product and version of Checkpoint are you using?
2- Are you using appliances like Nokia's IPSO or any other vendor like Crossbeam? Or are you using a SecurePlatform distro?
3- Have you checked whether SmartDefense is applied in the rulebase? If you are using SmartDefense, how fast is your firewall microprocessor? How much RAM do you have? What is the NIC's brand and model?
4- In the rule base (security policy), which services are you allowing in the rule? (tcp, udp & others? which version of all of them?)
5- Have you tried to replicate this problem and scenario in a lab?

0
 

Author Comment

by:mcannonmcannon
ID: 18823108
gatomalaco - Did you read the posts?  It is NOT our firewall so I have very little information on it except to note that the few customers having the issue are behind Checkpoints.
0
 

Author Comment

by:mcannonmcannon
ID: 18823206
gatomalaco - Did you read the posts?  It is NOT our firewall so I have very little information on it except to note that the few customers having the issue are behind Checkpoints.
0
 

Author Comment

by:mcannonmcannon
ID: 18908463
Turns out it was an ISAPI filter causing all the issues.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18909812
Could you be a bit more precise: on what side, and what ISAPI filter, reduced the speed?

This site is also a knowledge base, and there will be others facing the same problems too.

Tolomir
0
 

Author Comment

by:mcannonmcannon
ID: 18926645
We had an ISAPI filter loaded on our IIS web server that helped our web analytics package.  We are not sure why it caused problems but removing it fixed the issue for them.  We are looking to see if we can determine what the issue with the ISAPI filter and the handful of our customers that were experiencing the issue was.  For now the solution is to not use the ISAPI filter.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 18931004
That's why I only use Apache, IIS has too many issues  ;)  jk, please don't flame me.

That is really bizarre though.  Just out of curiosity, how did you know to look at disabling the ISAPI filter?  Mainly just curious if you were trying random things or you had a reason to check it out (e.g. event logs, etc.).
0
 

Author Comment

by:mcannonmcannon
ID: 19684210
Did not realize it was still open. Sorry.  The issue, while only with Checkpoint Firewalls, turned out to be an ISAPI filter on IIS that was doing a reverse DNS lookup.  Not sure what the issue was but disabling the reverse DNS lookup solved the problem.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 19684437
OK, so I was right, DNS lookups timing out.  However, I have no clue how the ISAPI reverse DNS lookups work. It should still have loaded quicker on subsequent page loads as the DNS resolving should have the failures cached as well as the successes.   Still quite odd that it was only Checkpoint firewalls. Either that or an unbelievable coincidence.
0
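An added illustration, not code from this thread or from the analytics filter it discusses, of the failure mode identified above: a blocking reverse DNS (PTR) lookup in the request path. It is Python with a hypothetical `BoundedReverseDNS` class and a constructed fake resolver; it caps the time one lookup can cost and caches failures as well as successes.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout


class BoundedReverseDNS:
    """PTR lookup with a hard time budget and a cache that also stores failures."""

    def __init__(self, resolver=None, timeout=0.5, ttl=300.0, workers=4):
        # resolver: callable ip -> hostname; the default is the system resolver.
        self._resolve = resolver or (lambda ip: socket.gethostbyaddr(ip)[0])
        self._timeout = timeout   # most a single request may wait, in seconds
        self._ttl = ttl           # how long an answer or a failure is remembered
        self._pool = ThreadPoolExecutor(max_workers=workers)
        self._cache = {}          # ip -> (expires_at, hostname or None)

    def lookup(self, ip):
        """Return (hostname_or_None, seconds_spent, source)."""
        hit = self._cache.get(ip)
        if hit and hit[0] > time.monotonic():
            return hit[1], 0.0, "cache"
        start = time.monotonic()
        future = self._pool.submit(self._resolve, ip)
        try:
            name, source = future.result(timeout=self._timeout), "resolved"
        except FutureTimeout:     # no answer within the budget: stop waiting
            name, source = None, "timeout"
        except OSError:           # socket.herror / gaierror: no PTR record
            name, source = None, "no-ptr"
        spent = time.monotonic() - start
        # Negative caching: the next request from this address pays nothing.
        self._cache[ip] = (time.monotonic() + self._ttl, name)
        return name, spent, source


def demo():
    # Constructed resolver: one documentation-range address never answers in time.
    def fake_resolver(ip):
        if ip == "203.0.113.7":
            time.sleep(0.8)
            raise socket.herror(1, "Unknown host")
        return "client.example.net"

    rdns = BoundedReverseDNS(resolver=fake_resolver, timeout=0.2)
    return [rdns.lookup(ip) for ip in ("198.51.100.10", "203.0.113.7", "203.0.113.7")]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A lookup that times out still occupies a worker thread until the resolver gives up, so the pool size bounds how many slow addresses can be in flight at once.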
 

Accepted Solution

by:
AnnieMod earned 0 total points
ID: 19699547
PAQed with points refunded (500)

AnnieMod
Cleanup Admin
0


Question has a verified solution.
