RedAdvanced
asked on
ASP page slow in initial connection
Hi Experts,
I have a nasty question here which drives me crazy for the last week and I don't seem to get a answer from the net.
We just upgraded our datacenter, with a two new Firewalls, both a Juniper SSG-320m which run in HA.
I put some webservers and sqlserver in there and now the problem starts.
A regular unix machine with apache and PHP is fast as lightning, but in the same acces rule (port 80 untrust to front-end zone) a Windows 2003 IIS server hosting a heavy .aspx page takes literaly 21 seconds to load.
I see in my logs a session is created but the request to the server has a timeout of 20 seconds.
So even when I have stopped the application it takes 20 seconds to get the server error.
Yesterday I put the server directly on the net, and then the performance is fine, but now back behing the SSG's the error is there again. I had a play with the ALGS and virus detection, but it didn;t seem to work. Maybe it has something to do with the Adress translation.
Is anyone familiar with this problem or can tell me what to to, because I'm quite desperate.
500 for the winning answer.
I have a nasty question here which drives me crazy for the last week and I don't seem to get a answer from the net.
We just upgraded our datacenter, with a two new Firewalls, both a Juniper SSG-320m which run in HA.
I put some webservers and sqlserver in there and now the problem starts.
A regular unix machine with apache and PHP is fast as lightning, but in the same acces rule (port 80 untrust to front-end zone) a Windows 2003 IIS server hosting a heavy .aspx page takes literaly 21 seconds to load.
I see in my logs a session is created but the request to the server has a timeout of 20 seconds.
So even when I have stopped the application it takes 20 seconds to get the server error.
Yesterday I put the server directly on the net, and then the performance is fine, but now back behing the SSG's the error is there again. I had a play with the ALGS and virus detection, but it didn;t seem to work. Maybe it has something to do with the Adress translation.
Is anyone familiar with this problem or can tell me what to to, because I'm quite desperate.
500 for the winning answer.
ASKER
That's what I thought of aswell, but after turning off ALG for all known services the performance wasn't getting better.
I also turned of all packet filters, anti-virus etc. just to see it would make any diffrence, but no. Nothing seemed to have caused the latency.
I also turned of all packet filters, anti-virus etc. just to see it would make any diffrence, but no. Nothing seemed to have caused the latency.
ASKER
What also needs to be mentioned, is that this firewall cluster is brand new. There are hardly other servers behind it that a DNS server and a apache webserver, which are actually running fine.
I am sorry but I am not sure what else might be causing such a behavior; if linux works good so should windows; may be some other expert might have some suggestion.
Regards.
Regards.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ALG does packet inspection and hence would introduce latency; latency is even introduced by the firewall itself; NAT, packet inspection and other things like antivirus would also cause latency.
As I said earlier I am not 100% sure, but would be interesting to see the results.
Thank you.