Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] HTTP slow through FW1

To: [email protected]
Subject: [FW1] HTTP slow through FW1
From: "Ashleigh Martin" <[email protected]>
Date: Thu, 31 May 2001 10:05:47 +1000
Sender: [email protected]

I have a strange problem and was wondering if anyone had seen anything
similar.

Environment
1.    Firewall is 4.1sp2 on WindowsNTsp6a
2.    firewall
2.    there is a 4Mb internet connection on the public side of the firewall
3.    the firewall has 4 NIC's, 1 is public, 1 is DMZ (althought unsused at
the moment), 2 are private subnets
4.    client's internet access from behind the firewall is direct, ie. not
via a proxy server
5.    the firewall has no security servers defined, no SYNdefender, no
anti-spoofing (to eliminate these from the cause)
6.    the firewall is not doing any DNS
7.    approximately 150 users
8.    No unusal drops or rejects in the firewall logs

here is the issue:
-    from any workstation on the internal network ( ie behind the firewall
), we can FTP, Telnet etc to the internet with download speeds of 200 -
400Kb/s as expected with the link but the HTTP downloads from within the
clients browsers crawl to between 2.0Kbs to 10Kb/s no matter where they are
being fetched from
-    now if a pc is then connected directly to the external router ( ie
infront of firewall ) we see HTTP download speeds of between 200-400Kbs
from the same sites as before.
-    as soon as this is placed behind the firewall again, back to 2.0-10kbs

the firewall is a very simple configuration, no VPN or encryption, just
three NAT entries, SMTP mail rules and HTTP, FTP, TELNET access for any of
the subnets behind the firewall, routing between the subnets

can anyone shed any light on why the HTTP traffic is so slow seemingly as a
result of passing through the firewall?


Thanks,

Ash
**********Confidentiality/Limited Liability Statement***************

This message contains privileged and confidential information intended only
for the use of the addressee named above.  If you are not the intended
recipient of this message, you must not disseminate, copy or take any
action in reliance on it.  If you have received this message in error,
please notify Data#3 immediately.  Any views expressed in this message are
those of the individual sender and Data#3 accepts no liability for the
content of this message except where the sender specifically states them to
be the views of Data#3.



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Problem with eSafe and CPFw1 sp3
Next by Date: RE: [FW1] Windows 2000 Terminal Services
Previous by thread: [FW1] Problem while upgrading Solaris 2.5 FW-1 3.0b SP8 to Nokia IP440 4.1 SP2.
Next by thread: [FW1] Secure Remote Through a Linksys Router.
Index(es):
- Date
- Thread