I have an SA540 Security Appliance installed at a data center in Georgia.
There are two web servers behind the device. Everything seems to work fine for about 2 weeks after the firewall is rebooted, but then connectivity issues begin to appear. The longer the device is up, the harder it is to make an RDP or VPN connection to the web servers. Web access also slows down.
Has anyone else experienced this problem?
We had a similar issue with the SA540 would either be very slow or stop forwarding traffic out the WAN port. Rebooting it resolved it for a short time.
Turns out the issue was with our client's ISP router's interface setting. The router was set to 10mbs Full duplex and the SA540 WAN is set to auto-negotiate (default). Worked for a while until traffic became heavy.
Once we matched the SA540 WAN port with the ISP router, the connectivity stabilized and they have not had an issue since. The SA540 is running v2.1.51.
Worth checking. Hope this helps.
Thanks for the input.
My ISP at the data center uses 100MB Full Duplex and I verified that all my ports from firewall through the switch to the servers are all set the same.
I really see things bog down in the evenings between 4 and 7pm. Sometimes it is so bad I can't access the servers at all.
This is my first Cisco device experience and so far no joy.
How many devices are connecting to SA500 appliance? Do you have IPS enabled? Trend Micro?
For a data center i would have went with the enterprise small biz products minimum of ASA5500 security appliance that runs Cisco IOS; Enterprise small business products would fit your type of network as a better choice with higher satisfaction. Cisco does have many tools to help plan out which type of equipment is best suited for your environment.
None really. We're not running a data center, just located in one (Telx - 56 Marietta). Our only traffic will be website visitors.
SA540 connects to SGE2000 24 port switch and then 2 servers connect to the switch. The servers are running Windows Server 2008 Standard acting as web servers.
IPS in not enabled.
Symantec Endpoint Protection, but the problem existed before it was installed.
I'm in NH and the data center is in Georgia. We contracted with a tech from Miami (friend of a friend) and he spec'd out all the hardware and set everything up back in November 2011. Because of this performance issue, we haven't been able to bring the web servers online.
I'm lucky if I can stay connected via VPN or RDP for more than a very short time.
Thanks for your help.
Have you had any success with your issues with the SA540? We have found the SA540 to be extremely stable. Don't get me wrong, there are some items that need addressed (SSL VPN for Mac OSX Lion, Inter-VLAN ACL support, etc).
We use IPS, but none of the Trend Micro features. Memory usage slowly raises from ~50% to ~85%. It seems to level out around 85%, but we try to reboot the router every two weeks so it might go higher over time.
Due to SLAs we might start rebooting only once a month. Therefore I'm interested in your experiences thus far.
Thanks for the response. Sorry I didn't respond soomer but I just found your message stuck in my spam filter.
I'm new to Cisco products so I'm not even sure that the SA540 is the cause of my issues. I have a couple of web servers located in a colocation facility in Atlanta Ga. I often have trouble connecting to them via remote access, both through the VPN client and directly with RDP. I routinely get knocked off (though RDP immediately reconnects, mostly). Of course the colocation facility says that there is no problem on their end.
At times when I am having the most difficulty connecting, the websites located on my servers seem to work okay.
While attempting to troubleshoot this problem, I noticed that the Port Statistics under the Status section of the SA540 had a high number of Rx Drop Pkts (usually about 1 Drop Pkt to every 200-250 Rx Byte). Currently says 459200999 Rx Bytes and 2038194 Rx Drop Pkts.
Again, not sure if this has anything to do with my dropped connection issue, but it was just something I saw and didn't know if it was relevant.
I was hoping someone could shed some light on how I can troubleshoot this issue to try to isolate where the problem exists.
We just rebooted our SA540, but right now we have 217720644 Rx Bytes with 28262 Rx Drop Pkts on Port 1 for example. Our other used ports have extremely higher amounts of Rx Bytes with even lower Rx Drop Pkts.
I'd start with testing the network cables associated to the offending port on your router.
Sorry for late response but i m also running SA540 consistently without troubles (IPS+TrendMicro). Give the SBSC a call @ 1-866-606-1866 and lets see if they can assist on possible problems with your setup.