Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

internet slowness issue / possible firewall issue

Posted on 2013-12-17
8
Medium Priority
?
684 Views
Last Modified: 2014-05-20
Hi - We have a Sonicwall TZ-100, and we've been having an issue where our internet connection frequently comes to a screeching halt. Our download speeds are typically 56/d and 15/up, but when it slows, it goes to 2.5/d and 0/up. We know its one of 2 things, either our firewall is being pounded by something from the outside, or our ISP is having issues. When we call the ISP, they tell me they're seeing latency / packet loss around 38%. Also, if I restart the firewall, it clears up for a little while, so its hard to tell where its coming from. Could the latency/packet loss be due to something flooding the firewall/therefore network traffic, and this is what the ISP is seeing? If I check the log files on the firewall, nothing is really screaming out telling me there are any type of intrusion attempts. Another question, are there any tools other than depending on firewall log files that will tell me whats going on? Any help with this would be appreciated.
0
Comment
Question by:hodgem
  • 4
  • 3
8 Comments
 
LVL 27

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39725278
Hi hodgem,

How big is your environment (how many users roughly...any servers, how many)? Are you seeing any patterns, like are there batch sequences being transmitted outbound or heavy work loads during these downages?

From factory defaults have you configured anything out of the ordinary on the SonicWALL such as Flood Controls under Firewall Settings or DNS rebinding prevention Attacks or CGSS? Have you changed anything within the /diag.html page?

There are a couple of indicators besides the logs.
First off configure the Logs properly if you haven't done so already by going to Log > Settings select all Categories for logging and set the Logging Level to Debug.

What version of SonicOS is installed (located on System > Status page)? On the System > Status page you can see the Connections Peak number and the Max number. See below.System > StatusAlso under System > Diagnostics > Diagnostic Tool: select Connections Monitor and there you can filter and also see all the active connections on your network.

If you can perform a packet capture during this downage. Go to System > Packet Capture to initiate it. This will tell us what is actually going on and provider better insight.

Let me know... thanks!
0
 

Author Comment

by:hodgem
ID: 39725386
Hi - No servers onsite (cloud environment, accessing all servers offsite) - roughly 11 users/PCs - no heavy workloads at all, just accessing Citrix cloud servers.

From factory defaults have you configured anything out of the ordinary on the SonicWALL such as Flood Controls under Firewall Settings or DNS rebinding prevention Attacks or CGSS? Have you changed anything within the /diag.html page? I have not configured anything out of the ordinary, just access to their security camera system, and we had to set some rules for Skype, because we had really poor quality video.

Logs were already set to debug

OS installed is Sonic Enhanced 5.6.0.11-61o

Connections = Max 6000/peak 871/current 75 (uh oh)

Connection usage 1.250%

Could this be this issue?
0
 
LVL 27

Expert Comment

by:Blue Street Tech
ID: 39725396
First step is to upgrade your firmware from 5.6.0.11-61o to the latest release, which is 5.9.0.2. Perform a backup of your settings before doing so.

Make sure you have the correct MTU setting as well. Read this to configure it properly: http://www.experts-exchange.com/A_12615.html

Connections and usage look low. For current use of 75...seems a bit low but it all depends on what is going on in your network at that time.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:hodgem
ID: 39725428
When it says 75 connections NOW, does that truly represent connections that are now connected to the network? If so, I can't imagine what devices would be connected to the network now being it's off hours. Other than the 11 computers, offsite Citrix server, a few network printers, I'm n
0
 

Author Comment

by:hodgem
ID: 39725429
.......I'm not sure what else would be connected
0
 
LVL 27

Expert Comment

by:Blue Street Tech
ID: 39725522
Keep in mind, it is completely normal for many connections to initiate from one single computer e.g.(each: web browse, app update, email sync all can have multiple connections associated to them).
0
 
LVL 32

Expert Comment

by:masnrock
ID: 39727604
Computers can be connected to several systems at once. Update to the latest stable firmware, not the early release. And you also want to make sure that your MTU settings are properly set for your type of connection. I assume you are using cable?
0
 
LVL 27

Expert Comment

by:Blue Street Tech
ID: 39730433
Any update on this?
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question