Slow FTP ASA5520 Inspect statements

Unanswered Question
Aug 19th, 2009

I have very large 11gig ftp transfers from my customers that happen every night. These are taking 8 plus hours. I have 100 meg and customer has full DS3. Neither is even close to half.

I have on "inspect ftp" could this be slowing down the transfer. Inspect do a deep dive into the packet, but does that slow it down that much? Is there a way to open up the throughput of ftp transfers? Thanks for your help.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Kevin Redmon Thu, 08/20/2009 - 13:50

The inspect FTP is likely NOT causing the issue. This command will open up any secondary ports required by the FTP protocol. You may want to confirm the speed/duplex settings on the interface. To determine the cause of the delay, you may consider doing a packet capture at the time of the delay - on the ingress and egress interface of the ASA. By analyzing this packet capture, you may be able to determine why there is a delay - dropped packets, duplicate acknowledgements, etc. You may also want to consider the MTU of the packets.

The link may be large but you may also have some upstream QoS configured limiting the throughput and/or other proxy device that may also impact the flow.


This Discussion