SQL Slow though ASA 5510

Unanswered Question
May 14th, 2007

Ive put in an ASA5510, and there are web servers on the DMZ that query SQL servers behind the firewall.

TCP Port 1433 is open to the SQL Servers.

The queries are working but are very slow, for example a sql query that returns 20,000 rows runs in about 5 seconds behind the firewall, but from the DMZ it can take up to 2 minutes.

Ive tried adding norandomseq to the statics for the SQL servers.

Ive tried disabling sql inspection.

I'd appreciate any input


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
beth-martin Fri, 05/18/2007 - 10:27

SQL*Net inspection engine?If a control connection for the SQL*Net (formerly OraServ) port exists between a pair of hosts, then only an inbound data connection is permitted through the security appliance. It may slowdown your process.

mabrowncalence Tue, 10/02/2007 - 13:05

Any luck on getting this resolved. I am having the same problems. ASA5510 running 7.2(3) SQL query is running extremely slow.


Peter Long Tue, 10/02/2007 - 23:42

Hi Matt

I forgot this was open :/

The problem due to a speed duplex error on the inside interface.

When the query was run the errors shown in a

show int ethernet1

output shot up, I cabled the inside interface directly to the SQL server and it ran fine, so I knew the problem had to be behind the PIX, turned out to be a 3com switch that couldnt "auto negotiate" with the PIX, I changed the inside interface to 10 Mb half duplex, and it all ran fine, it will remain this way till the client upgrades his switch.

Hope this helps you out




This Discussion