Solved

PIX bandwidth throttling / prioritizing

Posted on 2008-10-16
6
1,039 Views
Last Modified: 2012-05-05
Hello Experts

We frequently have to send email fanouts to large lists.  When we do our Internet access is lost for hours because our Exchange 2007 SP1 server is using all of the available outbound bandwidth.  Our firewall is a PIX 515 v8.0(2) with ASDM v6.0(2).

I have tried giving tcp/80 priority and I have tried throttling tcp/25 in the PIX but neither seemed to work.  Can someone give me step by step instructions on how to allow http/https traffic through the firewall when these fanouts are happening?  Please provide instructions for use with ASDM.  I am not a command line person.

If someone can tell me how to limit bandwidth usage in Exchange that would work too.
0
Comment
Question by:cmartell
  • 3
  • 2
6 Comments
 
LVL 15

Expert Comment

by:It breaks therefore I am
ID: 22735208
The other solution I use is to use an application like ADR (Advanced Direct Remailer) the application supports bandwidth throttling so it can for instance send 20 messages at one time so it does not max out your DSL. Additionally it uses its own SMTP engine freeing your Exchange Server for other messaging tasks.
0
 
LVL 4

Author Comment

by:cmartell
ID: 22735333
Thanks Johan but I'm not looking for a client side solution.  I never know who is going to be sending the fanout so I wouldn't know where to install it anyway.

Ideally I would like to throttle the bandwidth on the Exchange server.  If I can't do that then I would like to configure the PIX to give web traffic higher priority or if that can't be done configure it so that smtp doesn't take more than half of the available bandwidth.
0
 
LVL 3

Accepted Solution

by:
leonjs earned 330 total points
ID: 22749288
I am more of a ASA guy but  can you tell me what value you put in for policing port 25? 100K 90k?  Also what interface did you apply the policy to ? I beleive it needs to be applied to the egress interface.

Remember the pix/asa weren't designed for QOS the router was and it has alot more features. Very easy for you to specific in the router that when network traffic is congested port 25 is not allowed to use more then 20% of the bandwidth for example, and when there is no congestion everything goes back to normal. If you find no luck making this work on the pix i would experiment with the router.
0
[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

 
LVL 4

Author Comment

by:cmartell
ID: 22760305
Thanks leonjs.  I haven't had a chance to verify this yet but I think you have pointed me in the right direction.  I had the policy applied to the inside interface policing inbound traffic and I think it needs to be on the outside interface policing outbound traffic.  Although the article below doesn't specify that the policy has to be specified on the outside interface, all of their examples are on the outside.  The article does mention that the policy has to be applied to outbound traffic though.  I will let you know if it works when we do our next fanout.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml

With regards to your question, I have limited outbound smtp traffic to 200k.  When the fanouts were saturating the bandwidth the PIX showed 600k of outbound traffic.
0
 
LVL 3

Expert Comment

by:leonjs
ID: 22760419
Next time a fan out occurs I strongly suggest you use this show command " show service-policy police"  It will show you packets being dropped as a result of your configurations.  

Very useful in verifying whether you've done the right thing.  I am pretty sure that command works on the PIX (I hate the finesse os) but i know it works on the asa.  good luck

-Leon
0
 
LVL 4

Author Closing Comment

by:cmartell
ID: 31506875
Doing another fanout right now and it appears moving the policy to the outside interface and outgoing traffic solved the problem.  Thanks for your help leonjs.
0

Featured Post

[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now