Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

internet slowness issue / possible firewall issue

Posted on 2013-12-17
8
Medium Priority
?
678 Views
Last Modified: 2014-05-20
Hi - We have a Sonicwall TZ-100, and we've been having an issue where our internet connection frequently comes to a screeching halt. Our download speeds are typically 56/d and 15/up, but when it slows, it goes to 2.5/d and 0/up. We know its one of 2 things, either our firewall is being pounded by something from the outside, or our ISP is having issues. When we call the ISP, they tell me they're seeing latency / packet loss around 38%. Also, if I restart the firewall, it clears up for a little while, so its hard to tell where its coming from. Could the latency/packet loss be due to something flooding the firewall/therefore network traffic, and this is what the ISP is seeing? If I check the log files on the firewall, nothing is really screaming out telling me there are any type of intrusion attempts. Another question, are there any tools other than depending on firewall log files that will tell me whats going on? Any help with this would be appreciated.
0
Comment
Question by:hodgem
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 26

Accepted Solution

by:
Blue Street Tech earned 2000 total points
ID: 39725278
Hi hodgem,

How big is your environment (how many users roughly...any servers, how many)? Are you seeing any patterns, like are there batch sequences being transmitted outbound or heavy work loads during these downages?

From factory defaults have you configured anything out of the ordinary on the SonicWALL such as Flood Controls under Firewall Settings or DNS rebinding prevention Attacks or CGSS? Have you changed anything within the /diag.html page?

There are a couple of indicators besides the logs.
First off configure the Logs properly if you haven't done so already by going to Log > Settings select all Categories for logging and set the Logging Level to Debug.

What version of SonicOS is installed (located on System > Status page)? On the System > Status page you can see the Connections Peak number and the Max number. See below.System > StatusAlso under System > Diagnostics > Diagnostic Tool: select Connections Monitor and there you can filter and also see all the active connections on your network.

If you can perform a packet capture during this downage. Go to System > Packet Capture to initiate it. This will tell us what is actually going on and provider better insight.

Let me know... thanks!
0
 

Author Comment

by:hodgem
ID: 39725386
Hi - No servers onsite (cloud environment, accessing all servers offsite) - roughly 11 users/PCs - no heavy workloads at all, just accessing Citrix cloud servers.

From factory defaults have you configured anything out of the ordinary on the SonicWALL such as Flood Controls under Firewall Settings or DNS rebinding prevention Attacks or CGSS? Have you changed anything within the /diag.html page? I have not configured anything out of the ordinary, just access to their security camera system, and we had to set some rules for Skype, because we had really poor quality video.

Logs were already set to debug

OS installed is Sonic Enhanced 5.6.0.11-61o

Connections = Max 6000/peak 871/current 75 (uh oh)

Connection usage 1.250%

Could this be this issue?
0
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39725396
First step is to upgrade your firmware from 5.6.0.11-61o to the latest release, which is 5.9.0.2. Perform a backup of your settings before doing so.

Make sure you have the correct MTU setting as well. Read this to configure it properly: http://www.experts-exchange.com/A_12615.html

Connections and usage look low. For current use of 75...seems a bit low but it all depends on what is going on in your network at that time.
0
Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

 

Author Comment

by:hodgem
ID: 39725428
When it says 75 connections NOW, does that truly represent connections that are now connected to the network? If so, I can't imagine what devices would be connected to the network now being it's off hours. Other than the 11 computers, offsite Citrix server, a few network printers, I'm n
0
 

Author Comment

by:hodgem
ID: 39725429
.......I'm not sure what else would be connected
0
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39725522
Keep in mind, it is completely normal for many connections to initiate from one single computer e.g.(each: web browse, app update, email sync all can have multiple connections associated to them).
0
 
LVL 31

Expert Comment

by:masnrock
ID: 39727604
Computers can be connected to several systems at once. Update to the latest stable firmware, not the early release. And you also want to make sure that your MTU settings are properly set for your type of connection. I assume you are using cable?
0
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39730433
Any update on this?
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question