My organization just went through a conversion from Checkpoint Firewall to a PIX Firewall. We run backups from our DMZ to our Internal network through the Firewall. The backups have run a lot slower since we put the PIX firewall in operation.
The backup program we use is Netbackup on the inside interface of the firewall and it uses ports 13724 and 13782. The Netbackup server initiates the communication with the servers in the DMZ that it backs up. We usually back up 3 gigabits of data at a time.
Before the switch to the PIX the backups ran at about 3 Mbps; after the implementation with the PIX the backups slowed to around 25 kbps. The load on the interfaces and the duplexes and speeds on the firewall and switches are all set up properly. The design has stayed the same. What could be the problem?
Please be aware that the logging may degrade the performance, but it will show you if something serious is going on (packets dropped, ...).
2. Do a 'show tech' while the backup is running. It will give a detailed status of the PIX at that moment. The output of the PIX can be used as input for the Cisco 'Output Interpreter', which is available at the TAC website in the 'tools' section ( https://www.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl ). You will need a CCO logon to get to the Output Interpreter.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...