06-21-2006 12:45 PM - edited 03-09-2019 03:20 PM
I have a PIX 515 and am using SmartFilter to filter traffic from my LAN to the Internet, and the DMZ. When users are trying to access a web server on my DMZ, it is noticeably slow. As soon as I turn the filtering off it moves fast, like it is on the same LAN. Right now no inside hosts are using the filtering for Internet traffic; all our Internet traffic gets directed from our router to a frame relay network to our Atlanta location, so I know it's not the filtering server being overworked. When our users were going through the PIX to Internet hosts, it screamed since we were using Comcast high speed, so it seems to only be affecting DMZ web sites. Something appears to be wrong with the PIX communicating effectively with the filter. However, I have syslog enabled, and know that the PIX has not lost communication with the filtering server. Some of my config is as follows (I've included the DMZ access list, but don't see anything on the syslog server being blocked when the slowness is apparent):
url-server (inside) vendor n2h2 host HBG-Filter port 4005 timeout 5 protocol TCP
ip address outside 10.1.10.11 255.255.255.0
ip address inside 10.4.0.2 255.255.255.0
ip address DMZ 192.168.32.1 255.255.255.0
global (outside) 1 interface
global (inside) 1 interface
global (DMZ) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (DMZ) 1 0.0.0.0 0.0.0.0 0 0
static (DMZ,inside) 10.4.0.4 192.168.32.4 netmask 255.255.255.255 0 0
static (inside,DMZ) HBG-Filter HBG-Filter netmask 255.255.255.255 0 0
access-group outside_acl_in in interface outside
access-group dmz_access_in in interface DMZ
route outside 0.0.0.0 0.0.0.0 10.1.10.1 1
route inside 10.0.0.0 255.0.0.0 10.4.0.84 1
route inside 10.1.100.0 255.255.255.0 10.1.10.10 1
Thank you,
Bill
06-22-2006 05:15 AM
I think I found a possible solution. I can make an exception for filtering to that host. I still don't know why it is slow, but...
filter url except 0.0.0.0 0.0.0.0 192.168.32.4 255.255.255.255