[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Juniper SSG-140 Slow Traffic

Posted on 2011-02-16
Medium Priority
Last Modified: 2012-05-11
I have narrowed it down on our Juniper SSG-140  we have 3 Zones

DMZ-0/9  10/100/1000
Trusted -0/8  10/100/1000
Untrusted-0/2  10/100

Any time I copy a fle FROM the DMZ (DMZ->Trusted)  its very slow like 150-250 KB
Any time I copy a file FROM the Trusted (Trusted->DMZ) is fine and fast like 30 - 50MB

I have look through all my polices and find no traffic shaping policies to hender this, and have not engres and egress set at all on the DMZ or the Trusted interface

the only thing that looks out of shorts is  the Interfaces Page Reads out the Ethernet0/9 - DMZ as 100mb and it should be 1000mb  and the Ethernet0/8 - Trusted is reading out as 1000mb like it should

FYI those too ports are suppose to be 10/100/1000 ports and all the rest are 10/100
Question by:Mirrorinc
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 34909262

There seems to be a switch or a hub in between DMZ to Trust that is dropping it down to 100

LVL 18

Expert Comment

by:Sanga Collins
ID: 34909279
You may need to manually set the interface bandwidth and duplex from the command line. That should sort out the issues with transfer speed

Author Comment

ID: 34909565
I know we have the 100mb 1000mb issue a while ago on both those ports, and I we had to change duplex setting on the ports, all the switch connected up to these 2 ports are Cisco 2960 Gigbit switches..

I 'm not to versed in the commands on this FW so I don't know what the syntex is for manaully setting the bandwidth?
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

LVL 71

Expert Comment

ID: 34909969
For 1GB full duplex (which doesn't make much sense, since GB runs best with auto-negotiation):
    set interface eth0/9 phy full 1000mb

Author Comment

ID: 34910300
how would you set it to auto then?
LVL 18

Accepted Solution

Sanga Collins earned 2000 total points
ID: 34910339
set interface eth0/9 phy auto

this should do it. when you are using the command line. If you partially type a command, you can use the 'tab' key to fill in the rest of the command or the '?' key to show the available options.

set interface eth0/9 phy ?

will display:
device-> set interface trust phy
auto                 auto negotiation
full                 force full duplex
half                 force half duplex
holddown             holddown time

device-> set interface trust phy


Author Comment

ID: 34910373
if I remember right this doesn't affect any live traffic correct?

Author Comment

ID: 34910380
how to you display with the interface is currently set at?
LVL 18

Expert Comment

by:Sanga Collins
ID: 34910407
get interface <interface name>

Author Closing Comment

ID: 34911344
Thanks everything started to work much faster after setting it to auto.
LVL 18

Expert Comment

by:Sanga Collins
ID: 34911356
Qlemo should get credit too. he was the first post with the actual command :)

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question