Internal websites outside firewall are slow

Posted on 2008-06-11
Last Modified: 2010-04-21
For our security I'm going to be a little generic in this description. I just need to know what *might* be happening so I can look into it. Here's the deal...

We have a Cisco pix firewall and a 2900 XL switch outside of that firewall that connects a WAN to our location. A separate switch with multiple VLANS is also attached to the PIX. The issue is that access to web servers attached to the 2900 XL are painfully slow. If the web server is serving up only static HTML the speed is fine, but for the two web servers that hit a database to display content the speed is so bad it can 5 to 10 minutes to load the first and every page.

Here's the kicker. If these servers are accessed from outside system (ie, not coming from an internal VLAN) the speed is fine. What could be causing this issue?
Question by:Stormspace
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2

Expert Comment

ID: 21760285
Have you checked speed / duplex on the interfaces of the Pix, and internal hosts?

Author Comment

ID: 21813773
Ok, Checked the ports and everything is set to auto and full duplex.

Accepted Solution

mabutterfield earned 125 total points
ID: 21816260
have you checked the routing / NATing of connections between them?  

Also, have you tried other types of connections, such as ping, or file transfers to determine latency/throughput. (this may require loosening the rulebase temporarily.)


Author Comment

ID: 21918011
Hmm. I'll have to look into that. It's something I haven't had to do yet.

Author Closing Comment

ID: 31466153
We eventually had to replace the equipment. Part of the problem I feel was the Sys admin's use of a rogue bin file to reflash the PIX.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question