Re: Slow SSL Connection through the PIX520 - Pix or Proxy Proble

dnatale · ‎06-25-2003

For accessing the internet we have a proxy in our LAN (Authentification proxy) and one in our DMZ1. The second proxy is performing as a normal proxy server, located in our DMZ2.

The ISP's Internet router is located in our DMZ3. Whenever accessing an SSL-Site, the connection is awfully slow and eventually timeouts do occur.

Is there any chance to "speed up" the Firewalls' SSL-performance or is it rather a Proxy related problem?

Your help would be greatly appreciated!

Best regards,

Dario

shannong · ‎06-25-2003

The firewall is not involved in the SSL session at all. At least, not any more than it would be with a telnet or HTTP session. It's sill just another packet to the pix,--it's either allowed or denied.

What does "normal proxy" mean for DMZ1? How is that different than the DMZ2 proxy? You have three proxies then? LAN (I'm guessing you meant inside) DMZ1 and DMZ2

The problem is probably with your proxy servers. Unless the interface on the firewall to the switch/server/router is experiencing errors as is frequent due to mismatched duplex problems.

dnatale · ‎06-29-2003

I was making a mistake describing the problem: one Proxy is located in the LAN as an authentification Proxy. It decides, which user is allowed to access the internet - via the "real" proxy in the DMZ.

Opening a browser on the "real" (DMZ) Proxy, we do not encounter problems with SSL. We'll check on the configurations now.

Thank you for your quick response.

Dario

Slow SSL Connection through the PIX520 - Pix or Proxy Problem?