cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1551
Views
0
Helpful
9
Replies

Slow Windows file copies and ftp

dbouthillier
Level 1
Level 1

We have a pair of redundant 515e firewalls. A couple months ago users started complaining of slow performace between network segments. The common denominator seems to be segments seperated by the PIX's. We also discovered if we try to FTP files from the inside interface to anything on the outside interface (dmz or on the Internet), the speed drops to about 12 KB/s. No matter what we FTP to on the outside, we never get above 12 or 13 KB/s. I noticed similar performance when we try to do a Windows file copy from a workstation on the inside interface to a Windows box on the outside interface.

I read a few posts on various forums, and subsequently changed the ports from auto to 100/full on the PIX's and the switch. That did not help.

I upgraded the firewalls to 7.2.1 in January, but can't remember from what. It was 6.something, but I don't remember exactly what. Complaints started coming in around March, so it might be unrelated. I upgraded the PIX to 7.2.2 this weekend, but that did not change the behavior.

Any suggestions?

Thanks,

Daris

9 Replies 9

joshua.walton
Level 1
Level 1

Post your config please.

Thanks!

Thanks for helping. Here is the config on the PIX. I attached it, because I didn't want to cut anything out that might be helpful.

Daris

When you say that you are transferring a file from the inside to the outside and it is slow,.. what exactly is on the outside? Are you uploading a file to a known host on the public internet or a private host that is 1 hop away from the outside interface?

Both. I test to a FTP server in our DMZ (between the pix and our Internet router), and a public FTP server at my home. The transfer speeds are the same. I can't do Windows file copies to the box at home, but Windows file copies display similar speeds to our DMZ FTP server. The DMZ ftp server is connected to a the same CISCO switch that the PIX is connected to.

The ports for the PIX and the FTP server are forced to 100/Full and show no errors.

Again thanks,

Daris

hoogen_82
Level 4
Level 4

Try a ping test, ping your other side ip address from your PC/Host using the option ping -l 1500 -f

You should see something like "Packet needs to be Fragmented but DF set"

Try lowering the size of the packet from 1500 to 1400 and then slowly check when your Host ping. Once you start getting the replies give the command sysopt connection tcpmss

Then check on your speed again.

HTH

Hoogen

Thanks Hoogen. I tried that, but it did not seem to help the problem. FTP to our DMZ server on the outside interface is still between 12 and 15 KB/s.

Did you check for Interface errors on the inside interface and the switchport it is connected to?

sh interface "interface"

Thanks,

Chad

Yes I did. There are not errors on any of the interfaces or associated switch ports.

Does a sniffer capture reveal any obvious performance issues? Retransmissions etc?

Daniel

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: