Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Internet Speeds are very slow (but bandwidth is fine)

Posted on 2011-03-18
Medium Priority
Last Modified: 2012-05-11

Over the past few weeks my org has been experiencing the following issue.
Browsing speeds are very slow to the internet but browsing internal resources is fine.

I will try to provide as much info as possible...

Bandwidth - Time Warner Cable 20 down 2 up
Router/Firewall - Sonicwall NSA 240 (latest firmware)
Switches - HP Procurve gigabit (latest firmware)
Users - 100

- We have spoken at length with Sonicwall who insists it is not their device and we do not have a virus issue since we dont have an abnormal amount of connections
- We are seeing some collisions on the HP on certain ports where other down level (8 port switches) are plugged in.  But these have been the case for over 2 years
- We have tried using different DNS and same issue
- We have tried multiple browsers, chrome, IE, firefox

Ran multiple AV scans on all machines and came up with nothing.

So here is what happens.. go to a page say and click on a link.
Loading, loading..................... times out

So heres the kicker... before 9AM and after 5:30 PM the speeds are super fast.... during the day they are bad.

How do we go about trying to find out what is happening during these times??!
Question by:btny
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 6
  • 2
  • +3

Expert Comment

ID: 35167600
All symptoms would indicate some type of traffic congestion or use of throttling.

One way to find out for sure .....

During the window in question, test with a station in front of the sonicwall.  I presume you have more usable IPs so you don't have to take your production network offline?

Expert Comment

ID: 35167678
Try this test for dropped packets and Internet line quality. Run the test in the morning and afternoon.

Our company had a similar situation. We had to get rid of our T1 lines because they sucked.

Expert Comment

ID: 35169966
I'd look into setting up the NetFlow monitoring on the sonicwall so you see which user/users and/or applications are causing the slow down.  

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

LVL 13

Expert Comment

ID: 35170356
I've seen this before.
If you're on a Windows domain, and the domain controller is overworked, DNS requests can be bery slow.

Author Comment

ID: 35182606
Thanks for all the suggestions, we will try one by one!

Author Comment

ID: 35182627
How do i tell if a DC is overworked?

Expert Comment

ID: 35182712
In terms of your specific issue, the hypothetical overworked DC would result in a substantial delay in DNS queries.

You can test this by doing a 'nslookup' and see how quickly it returns a result during the window in which you are experiencing slowness.

With only 100 users, I highly doubt its the actual DC that is slow.  If anything its the recursive queries (those forwarded to your ISP) that may be the hang up.

Test that specifically by 'nslookup <ip of your forwarding (ISP) DNS server>'


Author Comment

ID: 35191896

Nslookup is fine.

The issue seems to only be during business hours.

How on earth would I go about determining if this is a PC or port or something?

Expert Comment

ID: 35191998
Okay so you've tested delay for local and recursive (forwarded) queries and ruled out DNS resolution as the problem.  What happens when you test traffic outside of of the sonicwall?

Have you looked at the I/O stats on your perimeter switch to see if you are hitting your down limit?  If so then narrow down which port(s) is using up all the bandwidth.  Are your users proxied?  Check your statistics there or pull down stats via SNMP from your switches otherwise.

Author Comment

ID: 35203424
Users are not proxied.

Switch is not exceeding 1% of its usage.

We turned off an entire side of the office and still have the issue.

It's so odd and frustrating.  Web pages will load but not all the way, like they are choking and then after 10-15 seconds either time out or just go.

Expert Comment

ID: 35205564
Have you tested with a computer that is not behind of the sonicwall?

Author Comment

ID: 35208369
I just tested a seperate sonicwall interface and it has the same issue, we have not tested without the SW yet.

I also am seeing the following while pinging which seems odd

Reply from bytes=32 time=20ms TTL=53
Reply from bytes=32 time=13ms TTL=53
Reply from bytes=32 time=18ms TTL=53
Reply from bytes=32 time=15ms TTL=53
Reply from bytes=32 time=73ms TTL=53
Reply from bytes=32 time=38ms TTL=53
Reply from bytes=32 time=16ms TTL=53
Reply from bytes=32 time=280ms TTL=53
Reply from bytes=32 time=263ms TTL=53
Reply from bytes=32 time=344ms TTL=53
Reply from bytes=32 time=316ms TTL=53
Reply from bytes=32 time=761ms TTL=53
Reply from bytes=32 time=658ms TTL=53
Reply from bytes=32 time=208ms TTL=53
Reply from bytes=32 time=273ms TTL=53
Request timed out.
Reply from bytes=32 time=313ms TTL=53
Reply from bytes=32 time=562ms TTL=53
Reply from bytes=32 time=592ms TTL=53
Reply from bytes=32 time=535ms TTL=53
Reply from bytes=32 time=526ms TTL=53
Reply from bytes=32 time=384ms TTL=53
Reply from bytes=32 time=488ms TTL=53
Reply from bytes=32 time=522ms TTL=53
Reply from bytes=32 time=553ms TTL=53
Reply from bytes=32 time=443ms TTL=53
Reply from bytes=32 time=485ms TTL=53
Reply from bytes=32 time=491ms TTL=53
Reply from bytes=32 time=521ms TTL=53
Reply from bytes=32 time=541ms TTL=53
Reply from bytes=32 time=499ms TTL=53
Reply from bytes=32 time=416ms TTL=53
Reply from bytes=32 time=450ms TTL=53
Reply from bytes=32 time=394ms TTL=53
Reply from bytes=32 time=467ms TTL=53
Reply from bytes=32 time=497ms TTL=53
Reply from bytes=32 time=481ms TTL=53

Author Comment

ID: 35218137
Testing not behind the firewall is for the most part the same.

Our issue is SO BIZZARE

During busines hours here is what happens

I go to (loads up great)
I start clicking on links and one may not load.. it says waiting... and then it times out
I refresh and it loads lightening fast
and so forth

Any tools or ideas to troubleshoot this?

Expert Comment

ID: 35218180
You've ruled out DNS and now the sonicwall being the problem.  Entertain me however, with the same station in front of (not behind) of the firewall, set the DNS server to and see if your browsing slowness goes away.

Author Comment

ID: 35218210
Ok and just to clarify browsing is typically SUPER fast

but then all the sudden out of nowhere its SUPER SLOW and fails




Expert Comment

ID: 35219098
Did you have Time Warner Cable test you line?

Author Comment

ID: 35219387
TWC says everything checks out fine.

This is seeming like a DNS issue for me..

Expert Comment

ID: 35219397
Try adding a static DNS server to a single workstation to bypass your internal DNS. I use Open DNS

Expert Comment

ID: 35219860
I'm convinced btny is using a ouija board to troubleshoot this problem.

Accepted Solution

btny earned 0 total points
ID: 35379998
Called our ISp and they had a Intrusion Prevention System running on our modem.  Once they disabled that ALL WAS WELL.

Author Closing Comment

ID: 35410415
Everyone was very helpful but in the end it was our ISPs fault.

Our router has IPS and so did theirs and there was a weird conflict with the two running at the same time.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question