[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Draytek Firewall seems to cause slow internet performance

Posted on 2010-03-29
8
Medium Priority
?
4,248 Views
Last Modified: 2012-06-21
Hi Experts,

I've this weird problem. During the week the internet performance seems to be slower and slower.
When I reboot my firewall everything works normal again but after a few days it's gettings slower and slower again. At the beginning of the week it's so slow that you can't surf normally. Then again, after I reboot the firewall it's working again.

This is my netwerk situation:

first you've have to pass a Draytek Firewall (Vigor 3300v)
second you've ran into a ISA server 2004

Could it be it has something do with ISA as well, eventhough a reboot on the draytek makes it work again?

I can't find anything simular so far on EE or Google.

Please advice what steps I can take to solve this problem?

I've already contacted Draytek support but all they sending me is firmware updates but they doesn't seem to work so far.

Anyway, hopefully some of you experts has an idea?

Grtz,

LenTheM@n
0
Comment
Question by:KNBsysteembeheer01
8 Comments
 
LVL 8

Expert Comment

by:Kruger_monkey
ID: 28955585
Have you checked with your ISP regarding the slowdown?  It's possible they draytek is causing it, maybe it has a fault.  I use draytek a lot and I've never had a slowdown problem that you mention, but obviously if there is a fault that could cause it.

It may also be a problem on the line.  Resetting the draytek refreshes the connection and off you go again until it drops down.

Do you have a spare draytek that you can replace your 3300 with?  That way you could see if the problem persisted with a different router or went away.  
0
 

Author Comment

by:KNBsysteembeheer01
ID: 28959200
Hi Kruger Monkey,

Thanks for your reply. I don't think it's the ISP because when I plug in a laptop in front off my firewalls there's nothing wrong. A little side note. When a colleague logs in from home through citrix (ica protocol) it works fine. But when he goes to the browser within the citrix session it's very slow. So it seems it's only has to do with http traffic over port 80.

there are 2 drayteks. One master and one in slave mode. In cause of a failure the slave takes over and back again when the master is up. I can probably check to see if I let all the traffic to go over the slave if the problem still occurs. But the answer to that I know next week because it takes about a week to get slower and slower till the point it's not workable anymore.

Kind regards,

LentheM@n
0
 
LVL 5

Expert Comment

by:delmc
ID: 28959267
Has the draytek been configured to pass DNS to the ISA? Has port 80 & 8080 been set to forward to the ISA server, if this hasn't been done then you will run into browsing issues. I would check these first and see if the problem exists.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
LVL 5

Expert Comment

by:q2q
ID: 30186717
make sure you have upgraded the drayteks firmware as there will be a new version if you have never done this since having the device, the old firmware for the 3300 is buggy.
Has anyone enabled a 'High availabilty rule' from the panel go to Netwokr > High availabilty
or a Quality of service  (QoS on the 3300v interface)

When the connection is really slow it might be worth while having a quick look at the Data flow monitor found at
System - Diagnostic Tools - Data Flow monitor (make sure you enable in the top left) very useful to see if soomething is hammering the lines.

Last bit- what type of internet connections do you have. Any what ype of setup do you have on the draytek for load balancing, a screen shot of your WAN layout would be best please (from network > WAN).

It may also be worth raising a support ticket withthe draytek support team (they are very helpful and will give you beta firmware if need be) support @ draytek.com

Hope this helps


0
 

Author Comment

by:KNBsysteembeheer01
ID: 30500105
Hi q2g,

high availability is on and it's synced ok.
I will have a look at the data flow monitor but I can't see that until next week.

I've attached the WAN settings below.

I already contacted the Draytek helpdesk but they couldn't help me. They gave me new firmware and monitored remotely my Drayteks but still no solution.

Thanks for helping me

Grtz,

LenTheM@n

draytek-wan-settings.jpg
0
 
LVL 5

Accepted Solution

by:
q2q earned 1000 total points
ID: 30502728
You have mentioned that you have a draytek in slave mode. Could you give some more details to this setup. Do you mean you have 2 drayteks each as a seperate gateway?

You have also said you have put a laptop infront of the firewall and it works fine. Have you put a laptop between the draytek and isa. So the notebook is using the draytek as a gateway and not passing traffic through the isa server. When this is the setup can the problem be replicated. If so then I would say its a draytek problem.

Are there any big services going through the draytek that could be connecting and taking up resources by never disconnecting. Have you looked at data flow monitor (System - Diagnostic Tools - Data Flow monitor) to see if there are any persistant connections.
0
 

Author Comment

by:KNBsysteembeheer01
ID: 32241691
sorry I didn't responded earlier. It's very hectic at work. But I've tried to use the dataflow monitor but I see nothing weird. I will try to put a laptop between the ISA and the firewall and let you know the results
0
 

Author Closing Comment

by:KNBsysteembeheer01
ID: 32779361
It did not help me to solve this problem completely but it helped met to get more information about the cause of the problem.
0

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Get the source code for a fully functional Access application shell with several popular security features that Access VBA application developers desire, but find difficult or impossible to figure out how to code. You get the source code for managi…
Suggested Courses

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question