Internal websites outside firewall are slow

Posted on 2008-06-11
Last Modified: 2010-04-21
For our security I'm going to be a little generic in this description. I just need to know what *might* be happening so I can look into it. Here's the deal...

We have a Cisco pix firewall and a 2900 XL switch outside of that firewall that connects a WAN to our location. A separate switch with multiple VLANS is also attached to the PIX. The issue is that access to web servers attached to the 2900 XL are painfully slow. If the web server is serving up only static HTML the speed is fine, but for the two web servers that hit a database to display content the speed is so bad it can 5 to 10 minutes to load the first and every page.

Here's the kicker. If these servers are accessed from outside system (ie, not coming from an internal VLAN) the speed is fine. What could be causing this issue?
Question by:Stormspace
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Expert Comment

ID: 21760285
Have you checked speed / duplex on the interfaces of the Pix, and internal hosts?

Author Comment

ID: 21813773
Ok, Checked the ports and everything is set to auto and full duplex.

Accepted Solution

mabutterfield earned 125 total points
ID: 21816260
have you checked the routing / NATing of connections between them?  

Also, have you tried other types of connections, such as ping, or file transfers to determine latency/throughput. (this may require loosening the rulebase temporarily.)


Author Comment

ID: 21918011
Hmm. I'll have to look into that. It's something I haven't had to do yet.

Author Closing Comment

ID: 31466153
We eventually had to replace the equipment. Part of the problem I feel was the Sys admin's use of a rogue bin file to reflash the PIX.

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question