04-18-2010 03:52 AM - edited 03-11-2019 10:34 AM
Dear Friends,
i have firewall services module in 6500 switch and have 2 DMZ one for Application server and the other for Database server but the administration says the connection i slow but i have any logging explain this issue , i make test by pass the firewall and creating interface vlan on 6500 for each DMZ without creating interfaces access-list and the connection become normall.
Kindly , Could you advise me for that issue
Ahmed Abdel-Wahed
04-18-2010 10:30 PM
If the application is experiencing a slow response, it could be many reasons.
Based on your testing, if you bypassed FWSM, the application was back to normal. So the issue looks like on FWSM.
What kind of application/traffic is experiencing the slowness?
Does FWSM do the inspection on those traffic?
If yes, can you check the cpu utilization on FWSM?
Please do the packet capture on the related traffic to see if there is packet drop as well.
04-19-2010 06:57 AM
Also you might want to check if there are TCP SACK enabled on the FWSM and enabled it and also if there is a packet reorder to enabled to the np completion unit sysopt if your FWSM version supports it.
I hope it helps.
PK
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: