Backups are slow through PIX

mdargin · ‎01-26-2004

My organization just went through a conversion from Checkpoint Firewall to a PIX Firewall. We run backups from our DMZ to our Internal network through the Firewall. The backups have run a lot slower when we put the PIX firewall in operation.

The backup program we use is Netbackup on the inside interface of the firewall and it uses ports 13724 and 13782. The Netbackup server intiates the communication with the servers in the DMZ that it backsup. We usually backup 3 gigabits of data a time.

Before the switch to the PIX the backups ran about 3 Mbps after the implementation with the PIX the backups slowed to around 25 kbps. The load on the interfaces and duplexes and speeds on the firewall and switches are all set up properly. The design has stayed the same. What could be the problem?

tvanginneken · ‎01-26-2004

Hi,

I would do two things to find out what is going on:

1 Enable logging on the pix to a syslog server. These are the command's to setup logging:

logging trap 7

logging host inside

logging on

(A free syslog server is available at http://www.kiwisyslog.com )

Please be aware that the logging may degrade the performance, but it will show you if something serious is going on (packets dropped,....)

2 Do a 'show tech' while the backup is running. It will give a detailed status of the pix at that moment. The output of the pix can be used as input for the cisco 'output interpreter' which is available at the TAC website in the 'tools' section ( https://www.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl ) . You will need a CCO logon to get to the Output interpreter.

Kind Regards,

Tom