Firewall services module slow connection

Apr 18th, 2010

Dear Friends,

I have a Firewall Services Module in a 6500 switch and have 2 DMZs, one for the application server and the other for the database server, but the administration says the connection is slow, but I have any logging explain this issue. I made a test bypassing the firewall by creating an interface VLAN on the 6500 for each DMZ without creating interface access-lists, and the connection became normal.

Kindly, could you advise me on that issue?

Ahmed Abdel-Wahed

Yudong Wu Sun, 04/18/2010 - 22:30

If the application is experiencing a slow response, there could be many reasons.

Based on your testing, if you bypassed the FWSM, the application was back to normal. So the issue looks like it is on the FWSM.

What kind of application/traffic is experiencing the slowness?

Does the FWSM do inspection on that traffic?

If yes, can you check the CPU utilization on the FWSM?

Please do a packet capture on the related traffic to see if there are packet drops as well.

Panos Kampanakis Mon, 04/19/2010 - 06:57
Cisco Employee

Also, you might want to check if TCP SACK is enabled on the FWSM and enable it, and also, if there is packet reordering, enable the np completion unit sysopt if your FWSM version supports it.

I hope it helps.
