[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] HTTP slow through FW1
I have a strange problem and was wondering if anyone had seen anything similar. Environment 1. Firewall is 4.1sp2 on WindowsNTsp6a 2. firewall 2. there is a 4Mb internet connection on the public side of the firewall 3. the firewall has 4 NIC's, 1 is public, 1 is DMZ (althought unsused at the moment), 2 are private subnets 4. client's internet access from behind the firewall is direct, ie. not via a proxy server 5. the firewall has no security servers defined, no SYNdefender, no anti-spoofing (to eliminate these from the cause) 6. the firewall is not doing any DNS 7. approximately 150 users 8. No unusal drops or rejects in the firewall logs here is the issue: - from any workstation on the internal network ( ie behind the firewall ), we can FTP, Telnet etc to the internet with download speeds of 200 - 400Kb/s as expected with the link but the HTTP downloads from within the clients browsers crawl to between 2.0Kbs to 10Kb/s no matter where they are being fetched from - now if a pc is then connected directly to the external router ( ie infront of firewall ) we see HTTP download speeds of between 200-400Kbs from the same sites as before. - as soon as this is placed behind the firewall again, back to 2.0-10kbs the firewall is a very simple configuration, no VPN or encryption, just three NAT entries, SMTP mail rules and HTTP, FTP, TELNET access for any of the subnets behind the firewall, routing between the subnets can anyone shed any light on why the HTTP traffic is so slow seemingly as a result of passing through the firewall? Thanks, Ash **********Confidentiality/Limited Liability Statement*************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message, you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Data#3 immediately. Any views expressed in this message are those of the individual sender and Data#3 accepts no liability for the content of this message except where the sender specifically states them to be the views of Data#3. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|