Solved

internet slowness issue / possible firewall issue

Posted on 2013-12-17
Last Modified: 2014-05-20
Hi - We have a Sonicwall TZ-100, and we've been having an issue where our internet connection frequently comes to a screeching halt. Our download speeds are typically 56/d and 15/up, but when it slows, it goes to 2.5/d and 0/up. We know it's one of 2 things, either our firewall is being pounded by something from the outside, or our ISP is having issues. When we call the ISP, they tell me they're seeing latency / packet loss around 38%. Also, if I restart the firewall, it clears up for a little while, so it's hard to tell where it's coming from. Could the latency/packet loss be due to something flooding the firewall/therefore network traffic, and this is what the ISP is seeing? If I check the log files on the firewall, nothing is really screaming out telling me there are any type of intrusion attempts. Another question, are there any tools other than depending on firewall log files that will tell me what's going on? Any help with this would be appreciated.
Question by:hodgem
8 Comments
 
LVL 24

Accepted Solution

by:
diverseit earned 500 total points
ID: 39725278
Hi hodgem,

How big is your environment (how many users roughly...any servers, how many)? Are you seeing any patterns, like are there batch sequences being transmitted outbound or heavy work loads during these downages?

From factory defaults have you configured anything out of the ordinary on the SonicWALL such as Flood Controls under Firewall Settings or DNS rebinding prevention Attacks or CGSS? Have you changed anything within the /diag.html page?

There are a couple of indicators besides the logs.
First off, configure the Logs properly if you haven't done so already by going to Log > Settings, select all Categories for logging and set the Logging Level to Debug.

What version of SonicOS is installed (located on System > Status page)? On the System > Status page you can see the Connections Peak number and the Max number. See below.

[Image: System > Status]

Also under System > Diagnostics > Diagnostic Tool: select Connections Monitor and there you can filter and also see all the active connections on your network.

If you can, perform a packet capture during this downage. Go to System > Packet Capture to initiate it. This will tell us what is actually going on and provide better insight.

Let me know... thanks!
0
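One way to act on the packet-capture suggestion above, as an added example that is not part of the original thread: it assumes the capture has been exported in pcap form and rendered to text with `tcpdump -nn -r`, and it ranks internal hosts by traffic and by bare SYNs to many destinations. The sample lines, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -nn` text form (documentation address ranges).
NORMAL = [
    "09:15:01.000101 IP 192.168.1.21.50110 > 203.0.113.10.1494: Flags [P.], seq 1:101, ack 1, win 256, length 100",
    "09:15:01.000350 IP 192.168.1.22.50231 > 203.0.113.10.1494: Flags [.], ack 501, win 256, length 0",
    "09:15:01.000900 IP 192.168.1.22.50240 > 203.0.113.10.443: Flags [S], seq 77, win 64240, length 0",
    "09:15:01.001200 IP 192.168.1.30.5060 > 203.0.113.44.5060: UDP, length 412",
]
NOISY = [  # one host opening new connections to 40 different destinations
    f"09:15:02.{i:06d} IP 192.168.1.37.{40000 + i} > 198.51.100.{i}.25: Flags [S], seq {i}, win 1024, length 0"
    for i in range(1, 41)
]
SAMPLE = "\n".join(NORMAL + NOISY)

LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?:Flags \[(?P<flags>[^\]]*)\],)?.*?length (?P<len>\d+)")

def summarize(text):
    """Per-source packet, byte, bare-SYN and distinct-destination counts."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "syn_only": 0, "dests": set()})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP, IPv6 and other lines this pattern does not cover
        s = stats[m["src"]]
        s["packets"] += 1
        s["bytes"] += int(m["len"])
        s["dests"].add((m["dst"], m["dport"]))
        if m["flags"] == "S":  # SYN without ACK: a new outbound connection attempt
            s["syn_only"] += 1
    return stats

def suspects(stats, min_syn=20, min_dests=20):
    """Sources with many new connection attempts spread over many destinations."""
    return sorted(ip for ip, s in stats.items()
                  if s["syn_only"] >= min_syn and len(s["dests"]) >= min_dests)

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for ip, s in sorted(stats.items(), key=lambda kv: -kv[1]["packets"]):
        print(ip, s["packets"], "pkts", s["bytes"], "bytes", s["syn_only"], "SYN", len(s["dests"]), "dests")
    print("review:", suspects(stats))
```

A host that shows up in `suspects` during a slowdown is the first machine to inspect; if none does while loss persists, the capture points away from the LAN.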
 

Author Comment

by:hodgem
ID: 39725386
Hi - No servers onsite (cloud environment, accessing all servers offsite) - roughly 11 users/PCs - no heavy workloads at all, just accessing Citrix cloud servers.

From factory defaults have you configured anything out of the ordinary on the SonicWALL such as Flood Controls under Firewall Settings or DNS rebinding prevention Attacks or CGSS? Have you changed anything within the /diag.html page?

I have not configured anything out of the ordinary, just access to their security camera system, and we had to set some rules for Skype, because we had really poor quality video.

Logs were already set to debug

OS installed is Sonic Enhanced 5.6.0.11-61o

Connections = Max 6000/peak 871/current 75 (uh oh)

Connection usage 1.250%

Could this be this issue?
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39725396
First step is to upgrade your firmware from 5.6.0.11-61o to the latest release, which is 5.9.0.2. Perform a backup of your settings before doing so.

Make sure you have the correct MTU setting as well. Read this to configure it properly: http://www.experts-exchange.com/A_12615.html

Connections and usage look low. For current use of 75...seems a bit low but it all depends on what is going on in your network at that time.
0
 

Author Comment

by:hodgem
ID: 39725428
When it says 75 connections NOW, does that truly represent connections that are now connected to the network? If so, I can't imagine what devices would be connected to the network now being it's off hours. Other than the 11 computers, offsite Citrix server, a few network printers, I'm n
0
 

Author Comment

by:hodgem
ID: 39725429
.......I'm not sure what else would be connected
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39725522
Keep in mind, it is completely normal for many connections to initiate from one single computer, e.g. (each: web browse, app update, email sync all can have multiple connections associated with them).
0
 
LVL 20

Expert Comment

by:masnrock
ID: 39727604
Computers can be connected to several systems at once. Update to the latest stable firmware, not the early release. And you also want to make sure that your MTU settings are properly set for your type of connection. I assume you are using cable?
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39730433
Any update on this?
0
