07-16-2007 07:58 AM - edited 03-11-2019 03:45 AM
Hi,
Installing two PIX-515E Firewalls (Failover Pair) on a customer site. The outside interface connects directly with a 10MBps link to the internet. When I am measuring throughput however, I am only getting an average of 2.5MBps download speed. When I remove the firewalls completely and connect a laptop directly to the same 10MBps internet line, I am getting average download speeds of 7MBps.
What sort of latency should I be expecting with the PIX-515E firewalls. There are no VPNs being used at present,so I am unable to explain the big difference in throughput
There is no QoS configured.
The Software version is 7.2(2)
I have powered off the Standby PIX just in case it was something to do with it - but it made no difference
Any ideas ?
07-16-2007 08:40 AM
Wow that's a huge difference. Verify that the PIX's interfaces and the far-end switch/hub/device are both set to 100/full.
Hank
07-17-2007 01:33 AM
Hi,
All interfaces set to 100Full.
It was the Global Service-Policy that comes as default with version 7.X
As soon as I turned it off
no service-policy global_policy global
Download and Upload speeds went up to averages of between 7MB and 8MB
07-17-2007 10:13 AM
how much memory in the pix?
07-17-2007 10:41 AM
Run the command "show asp drop" several times from the command line, and look to see if the out-of-order packet buffer full counter is rapidly climbing. If so, you are running into a limitation of the 7.X operating system (especially with the PIX). If you had an ASA, you could implement the workaround, but the PIX doesn't have the ability to implement the workaround.
** Please rate ***
Cheers.
Jay
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide