URL filtering causes slowness

WILLIAM STEGMAN
Level 4

I have a PIX 515 and am using smartfilter to filter traffic from my LAN to the Internet and the DMZ. When users are trying to access a web server on my DMZ, it is noticeably slow. As soon as I turn the filtering off, it moves fast, like it is on the same LAN. Right now no inside hosts are using the filtering for Internet traffic; all our Internet traffic gets directed from our router to a frame relay network to our Atlanta location, so I know it's not the filtering server being overworked. When our users were going through the PIX to Internet hosts, it screamed since we were using Comcast high speed, so it seems to only be affecting DMZ web sites. Something appears to be wrong with the PIX communicating effectively with the filter. However, I have syslog enabled, and know that the PIX has not lost communication with the filtering server. Some of my config is as follows (I've included the DMZ access list, but don't see anything on the syslog server being blocked when the slowness is apparent):

url-server (inside) vendor n2h2 host HBG-Filter port 4005 timeout 5 protocol TCP

ip address outside 10.1.10.11 255.255.255.0

ip address inside 10.4.0.2 255.255.255.0

ip address DMZ 192.168.32.1 255.255.255.0

global (outside) 1 interface

global (inside) 1 interface

global (DMZ) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

nat (DMZ) 1 0.0.0.0 0.0.0.0 0 0

static (DMZ,inside) 10.4.0.4 192.168.32.4 netmask 255.255.255.255 0 0

static (inside,DMZ) HBG-Filter HBG-Filter netmask 255.255.255.255 0 0

access-group outside_acl_in in interface outside

access-group dmz_access_in in interface DMZ

route outside 0.0.0.0 0.0.0.0 10.1.10.1 1

route inside 10.0.0.0 255.0.0.0 10.4.0.84 1

route inside 10.1.100.0 255.255.255.0 10.1.10.10 1

Thank you,

Bill

1 Reply

WILLIAM STEGMAN
Level 4

I think I found a possible solution. I can make an exception for filtering to that host. I still don't know why it is slow, but...

filter url except 0.0.0.0 0.0.0.0 192.168.32.4 255.255.255.255