internet slowness issue / possible firewall issue

Hi - We have a Sonicwall TZ-100, and we've been having an issue where our internet connection frequently comes to a screeching halt. Our download speeds are typically 56/d and 15/up, but when it slows, it goes to 2.5/d and 0/up. We know it's one of 2 things, either our firewall is being pounded by something from the outside, or our ISP is having issues. When we call the ISP, they tell me they're seeing latency / packet loss around 38%. Also, if I restart the firewall, it clears up for a little while, so it's hard to tell where it's coming from. Could the latency/packet loss be due to something flooding the firewall/therefore network traffic, and this is what the ISP is seeing? If I check the log files on the firewall, nothing is really screaming out telling me there are any type of intrusion attempts. Another question, are there any tools other than depending on firewall log files that will tell me what's going on? Any help with this would be appreciated.
hodgem Asked:
 
Blue Street Tech (Last Knights) Commented:
Hi hodgem,

How big is your environment (how many users roughly...any servers, how many)? Are you seeing any patterns, like are there batch sequences being transmitted outbound or heavy work loads during these downages?

From factory defaults have you configured anything out of the ordinary on the SonicWALL such as Flood Controls under Firewall Settings or DNS rebinding prevention Attacks or CGSS? Have you changed anything within the /diag.html page?

There are a couple of indicators besides the logs.
First off, configure the Logs properly if you haven't done so already by going to Log > Settings, select all Categories for logging and set the Logging Level to Debug.

What version of SonicOS is installed (located on System > Status page)? On the System > Status page you can see the Connections Peak number and the Max number. See below.

[Screenshot: System > Status]

Also under System > Diagnostics > Diagnostic Tool: select Connections Monitor and there you can filter and also see all the active connections on your network.

If you can, perform a packet capture during this downage. Go to System > Packet Capture to initiate it. This will tell us what is actually going on and provide better insight.

Let me know... thanks!
0
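The packet capture suggested above can be summarised offline to show which host pairs move the most traffic during a slowdown. This is an added example, not part of the original thread or of SonicWALL's tooling; it assumes the capture was exported in classic libpcap format with Ethernet framing, and the sample capture and its addresses are constructed.

```python
import struct
from collections import Counter

def top_talkers(pcap_bytes):
    """Return [((src_ip, dst_ip), wire_bytes), ...] sorted by volume, IPv4 only."""
    magic = pcap_bytes[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"   # file written little-endian (usec or nsec timestamps)
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    totals = Counter()
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        _sec, _frac, incl, orig = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                           # ARP, IPv6, VLAN-tagged or truncated
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        totals[(src, dst)] += orig             # orig = size on the wire, not captured size
    return totals.most_common()

def _record(src, dst, wire_len, ethertype=b"\x08\x00"):
    """Build one constructed pcap record: Ethernet + bare IPv4 header, snapped to 34 bytes."""
    ip = bytes([0x45, 0]) + struct.pack(">H", wire_len - 14) + b"\x00" * 4 + b"\x40\x06\x00\x00"
    frame = b"\x00" * 12 + ethertype + ip + bytes(src) + bytes(dst)
    return struct.pack("<IIII", 0, 0, len(frame), wire_len) + frame

# Constructed sample capture (addresses are made up, not from the thread).
SAMPLE = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    + _record((192, 168, 1, 23), (203, 0, 113, 10), 1500) * 3
    + _record((192, 168, 1, 50), (198, 51, 100, 7), 60) * 2
    + _record((192, 168, 1, 1), (192, 168, 1, 23), 42, ethertype=b"\x08\x06")  # ARP, skipped
)

if __name__ == "__main__":
    for (src, dst), nbytes in top_talkers(SAMPLE):
        print(f"{src:>15} -> {dst:<15} {nbytes} bytes")
```

To use it on a real export, pass the file's contents (`open(path, "rb").read()`) to `top_talkers` and compare a capture taken during a slowdown with one taken during normal operation.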
 
hodgem (Author) Commented:
Hi - No servers onsite (cloud environment, accessing all servers offsite) - roughly 11 users/PCs - no heavy workloads at all, just accessing Citrix cloud servers.

"From factory defaults have you configured anything out of the ordinary on the SonicWALL such as Flood Controls under Firewall Settings or DNS rebinding prevention Attacks or CGSS? Have you changed anything within the /diag.html page?"

I have not configured anything out of the ordinary, just access to their security camera system, and we had to set some rules for Skype, because we had really poor quality video.

Logs were already set to debug

OS installed is Sonic Enhanced 5.6.0.11-61o

Connections = Max 6000/peak 871/current 75 (uh oh)

Connection usage 1.250%

Could this be the issue?
0
 
Blue Street Tech (Last Knights) Commented:
First step is to upgrade your firmware from 5.6.0.11-61o to the latest release, which is 5.9.0.2. Perform a backup of your settings before doing so.

Make sure you have the correct MTU setting as well. Read this to configure it properly: http://www.experts-exchange.com/A_12615.html

Connections and usage look low. For current use of 75...seems a bit low but it all depends on what is going on in your network at that time.
0
 
hodgem (Author) Commented:
When it says 75 connections NOW, does that truly represent connections that are now connected to the network? If so, I can't imagine what devices would be connected to the network now being it's off hours. Other than the 11 computers, offsite Citrix server, a few network printers, I'm n
0
 
hodgem (Author) Commented:
.......I'm not sure what else would be connected
0
 
Blue Street Tech (Last Knights) Commented:
Keep in mind, it is completely normal for many connections to initiate from one single computer, e.g. (each: web browse, app update, email sync all can have multiple connections associated to them).
0
 
masnrock Commented:
Computers can be connected to several systems at once. Update to the latest stable firmware, not the early release. And you also want to make sure that your MTU settings are properly set for your type of connection. I assume you are using cable?
0
 
Blue Street Tech (Last Knights) Commented:
Any update on this?
0
Question has a verified solution.