SQL Slow though ASA 5510

Unanswered Question
May 14th, 2007
User Badges:

Ive put in an ASA5510, and there are web servers on the DMZ that query SQL servers behind the firewall.


TCP Port 1433 is open to the SQL Servers.

The queries are working but are very slow, for example a sql query that returns 20,000 rows runs in about 5 seconds behind the firewall, but from the DMZ it can take up to 2 minutes.


Ive tried adding norandomseq to the statics for the SQL servers.


Ive tried disabling sql inspection.


I'd appreciate any input


PeteLong

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
beth-martin Fri, 05/18/2007 - 10:27
User Badges:
  • Bronze, 100 points or more

SQL*Net inspection engine?If a control connection for the SQL*Net (formerly OraServ) port exists between a pair of hosts, then only an inbound data connection is permitted through the security appliance. It may slowdown your process.


mabrowncalence Tue, 10/02/2007 - 13:05
User Badges:

Any luck on getting this resolved. I am having the same problems. ASA5510 running 7.2(3) SQL query is running extremely slow.


Matt


Peter Long Tue, 10/02/2007 - 23:42
User Badges:

Hi Matt


I forgot this was open :/


The problem due to a speed duplex error on the inside interface.


When the query was run the errors shown in a


show int ethernet1


output shot up, I cabled the inside interface directly to the SQL server and it ran fine, so I knew the problem had to be behind the PIX, turned out to be a 3com switch that couldnt "auto negotiate" with the PIX, I changed the inside interface to 10 Mb half duplex, and it all ran fine, it will remain this way till the client upgrades his switch.


Hope this helps you out


Pete

www.petenetlive.com

Actions

This Discussion