10-02-2007 09:13 PM - edited 03-11-2019 04:19 AM
My customer says that performance through the FWSM was very sluggish.
He said he switched over from active to standby FWSM and everything is fine after this.
I want to ask him to switch back to the suspect FWSM module again to see the problem first hand.
Apart from SHOW TECH and SHOW LOG is there any more usefull commands that I can do on the problem FWSM at the time of the problem that will help me narrow down the problem.
At the moment I have the SHOW TECH and a sniffer trace with the problem FWSM and a sniffer trace after switching over to standby FWSM, but I can't see anything unusual in these sniffer traces such as retranmissions, etc.
Versions running on both the FWSM:
FWSM Firewall Version 2.3(4)6
FWSM Device Manager Version 2.1(1)
10-08-2007 01:36 PM
Traffic through FWSM can be slow due to a variety of reasons and it is better to narrow down to the type of traffic which is causing the problem. This can be checked by removing the respective inspect command (like inspect HTTP) and then checking the traffic flow. Also check if the cpu and memory usage of FWSM are not reason of its slow performance.
01-18-2008 09:35 AM
Hi,
If you manage to identify your issue then I would be keen to review your findings. I'm currently investigating a similar issue where the throughput varies from 1.5MBps (slow) up to 94MBps when running a test from in the same VLAN or through the firewall. I plan to fail the firewalls over at the earliest chance to see if it is a hardware limitation.
cheers
Ju
01-18-2008 09:53 AM
There are few commands you could use to check the amount of traffic flow per vlan...
If I recollect there is a command "show traffic ..."
Satya
01-19-2008 04:14 AM
Hi,
When looking at the graphing (ASDM) and via SNMP .I can see that the interfaces are not particularly under any load (less than 20Mbps). The impact is seen when attempting to run a backup or a large copy.
What identified the issue was a 187 GB drive on a server in a blade farm backing up in the same vlan with a write speed of approx 40MBps (speed that the tape writes at) where as through through the firewall this dropped to 1.5MBps. The architechture of the FWSM should allow for at least 100MBps throughput on the basis of the backplane being able to process 1Gbps.
Many Thanks for your input
Ju
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide