?
Solved

Juniper SSG-140 Slow Traffic

Posted on 2011-02-16
11
Medium Priority
?
6,841 Views
Last Modified: 2012-05-11
I have narrowed it down on our Juniper SSG-140  we have 3 Zones

DMZ-0/9  10/100/1000
Trusted -0/8  10/100/1000
Untrusted-0/2  10/100

Any time I copy a fle FROM the DMZ (DMZ->Trusted)  its very slow like 150-250 KB
Any time I copy a file FROM the Trusted (Trusted->DMZ) is fine and fast like 30 - 50MB

I have look through all my polices and find no traffic shaping policies to hender this, and have not engres and egress set at all on the DMZ or the Trusted interface

the only thing that looks out of shorts is  the Interfaces Page Reads out the Ethernet0/9 - DMZ as 100mb and it should be 1000mb  and the Ethernet0/8 - Trusted is reading out as 1000mb like it should

FYI those too ports are suppose to be 10/100/1000 ports and all the rest are 10/100
0
Comment
Question by:Mirrorinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 2

Expert Comment

by:treetop3
ID: 34909262
Hi,

There seems to be a switch or a hub in between DMZ to Trust that is dropping it down to 100

Regards,
TT
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 34909279
You may need to manually set the interface bandwidth and duplex from the command line. That should sort out the issues with transfer speed
0
 

Author Comment

by:Mirrorinc
ID: 34909565
I know we have the 100mb 1000mb issue a while ago on both those ports, and I we had to change duplex setting on the ports, all the switch connected up to these 2 ports are Cisco 2960 Gigbit switches..

I 'm not to versed in the commands on this FW so I don't know what the syntex is for manaully setting the bandwidth?
0
Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

 
LVL 70

Expert Comment

by:Qlemo
ID: 34909969
For 1GB full duplex (which doesn't make much sense, since GB runs best with auto-negotiation):
    set interface eth0/9 phy full 1000mb
0
 

Author Comment

by:Mirrorinc
ID: 34910300
how would you set it to auto then?
0
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 2000 total points
ID: 34910339
set interface eth0/9 phy auto

this should do it. when you are using the command line. If you partially type a command, you can use the 'tab' key to fill in the rest of the command or the '?' key to show the available options.

eg
set interface eth0/9 phy ?

will display:
device-> set interface trust phy
<return>
auto                 auto negotiation
full                 force full duplex
half                 force half duplex
holddown             holddown time

device-> set interface trust phy

0
 

Author Comment

by:Mirrorinc
ID: 34910373
if I remember right this doesn't affect any live traffic correct?
0
 

Author Comment

by:Mirrorinc
ID: 34910380
how to you display with the interface is currently set at?
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 34910407
get interface <interface name>
0
 

Author Closing Comment

by:Mirrorinc
ID: 34911344
Thanks everything started to work much faster after setting it to auto.
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 34911356
Qlemo should get credit too. he was the first post with the actual command :)
0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses
Course of the Month14 days, 7 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question