Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1082
Views
4
Helpful
4
Replies

Traffic through FWSM is slow

astanislaus
Level 2
Level 2

‎10-02-2007 09:13 PM - edited ‎03-11-2019 04:19 AM

My customer says that performance through the FWSM was very sluggish.

He said he switched over from active to standby FWSM and everything is fine after this.

I want to ask him to switch back to the suspect FWSM module again to see the problem first hand.

Apart from SHOW TECH and SHOW LOG is there any more usefull commands that I can do on the problem FWSM at the time of the problem that will help me narrow down the problem.

At the moment I have the SHOW TECH and a sniffer trace with the problem FWSM and a sniffer trace after switching over to standby FWSM, but I can't see anything unusual in these sniffer traces such as retranmissions, etc.

Versions running on both the FWSM:

FWSM Firewall Version 2.3(4)6

FWSM Device Manager Version 2.1(1)

Labels:
0 Helpful
4 Replies 4

tstanik
Level 5
Level 5

‎10-08-2007 01:36 PM

Traffic through FWSM can be slow due to a variety of reasons and it is better to narrow down to the type of traffic which is causing the problem. This can be checked by removing the respective inspect command (like inspect HTTP) and then checking the traffic flow. Also check if the cpu and memory usage of FWSM are not reason of its slow performance.

ju_mobile
Level 1
Level 1

‎01-18-2008 09:35 AM

Hi,

If you manage to identify your issue then I would be keen to review your findings. I'm currently investigating a similar issue where the throughput varies from 1.5MBps (slow) up to 94MBps when running a test from in the same VLAN or through the firewall. I plan to fail the firewalls over at the earliest chance to see if it is a hardware limitation.

cheers

Ju

0 Helpful

sbaddipu
Level 1
Level 1
In response to ju_mobile

‎01-18-2008 09:53 AM

There are few commands you could use to check the amount of traffic flow per vlan...

If I recollect there is a command "show traffic ..."

Satya

0 Helpful

ju_mobile
Level 1
Level 1
In response to sbaddipu

‎01-19-2008 04:14 AM

Hi,

When looking at the graphing (ASDM) and via SNMP .I can see that the interfaces are not particularly under any load (less than 20Mbps). The impact is seen when attempting to run a backup or a large copy.

What identified the issue was a 187 GB drive on a server in a blade farm backing up in the same vlan with a write speed of approx 40MBps (speed that the tape writes at) where as through through the firewall this dropped to 1.5MBps. The architechture of the FWSM should allow for at least 100MBps throughput on the basis of the backplane being able to process 1Gbps.

Many Thanks for your input

Ju

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card