Poor HTTP performance since servers were moved behind a firewall

Unanswered Question
Mar 7th, 2008

Hi,

I have a performance issue were i have two appliances that used to sit on a server vlan infront of a firewall they were then moved to DMZ behind the firewall and now HTTP performance is really slow from the client VLAN but ok from the server VLAN. I have checked the firewall rules and can ping fine.

Has anyone any ideas.

Thanks

Kev

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jojuarez Sat, 03/08/2008 - 20:15

Hi,

Try to connect the server directly to DMZ interface (and when I say direcly I mean no other device between the firewall and the server, no hubs, no switches, no nothing). If the issue continues, look for errors on the interface using the "sh interface" command.

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s3_72.html#wp1283345

You may also try to remove http inspection and change mss value to 1300, for instance.

kevinhobson2000 Sun, 03/09/2008 - 11:20

Hi,

I figured out waht this was it was a static route on the firewall that was pointing to the wrong next hop.

Cheers

Kev

Actions

This Discussion