Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX 515E DMZ Performance

I have DMZ int in my PIX515E (6.3). I have SSL webserver connected to it. Webserver feeds fairly large images to users on inside int and outside. I had the same server on my LAN before and the speed is lightning fast. When I move it to DMZ the slowness is horible. Is there a way to judge if I am outgrowing this box or if I have it missconfigured?

New Member

Re: PIX 515E DMZ Performance

the 515e can handle upto 130000 connections and 190mb of throughput, unless you have a massive amount of users connecting to the webserver it is unlikely that the PIX is inundated with traffic. Have you tried the basics, like make sure the webserver NIC is configured for 100/full as well as the switch and dmz ports? As a general rule of thumb you should always set your server and lan equipment NIC's to maximum throughput speeds.

You can also verify pix connections, memory and cpu usage with following commands.

show conn

show memory

show cpu usage

hope this helps

Re: PIX 515E DMZ Performance

Yes , check the duplex and speed setting of the DMZ interface and the WebServer. This is the most common performance problem.



New Member

Re: PIX 515E DMZ Performance

Thank you for your answers. I checked that DMZ int and it was set to auto and it negotiates at 100/full. But the private int was set to 100/half. After changing that to 100/full things are a bit faster. But still not as fast as I would like. Memory usage is 17 out of 32MB. CPU stays at around 7% and I have 47 connections with the highest of 192. This box terminates 3 site-to-site and around 12 RAS VPNs also.