Extremely Slow Internet with Pix Firewall

stampro22
Level 1

I have a customer who recently upgraded to T1 access. We initially installed a Linksys firewall behind the Cisco router installed by the phone company but found that every 3rd or 4th time that we opened Internet Explorer or tried to access the Internet, the (I assume) DNS resolution was so slow that it timed out. I upgraded to a PIX firewall and configured it to allow any access from inside to outside, and we started having the same problem. If you open Internet Explorer 5 times in a row, the first couple may load the site almost instantly, then the third time it may take a couple of seconds, and usually one out of those five times it will completely time out and give a "page cannot be displayed" error. Usually hitting the refresh button will cause the page to load almost instantly again. Am I missing something very obvious here?


lgijssel
Level 9

You might. Please check speed & duplex settings on the PIX in- and outside interfaces.

Regards,

Leo

I believe it was set to "Auto".

There are quite a few things you should check here. First of all, it seems that you are having basically the same problem with the PIX as you had with the Linksys box. I doubt that it is DNS, as the DNS lookups should be cached, especially if they are done back to back and the first couple worked.

Troubleshooting questions:

Does this occur on more than one workstation?

What model PIX do you have?

What (if any) routers are on the network?

What does your network design look like?

Please check:

Client proxy settings

Client IP settings i.e. gateway, subnet mask

Interface errors on the PIX

Interface errors on the T1/serial interfaces

MTU settings on the network devices

I believe that problem may have been fixed. The firewall logs indicated a large amount of UDP outbound traffic. After much configuration fruitlessness in stopping this from the firewall side, I did a little research and found that this is most frequently caused by tracking cookies on the individual workstations. Panda protects against adware/spyware but not cookies... so I ran an Ad-aware scan on all systems and removed between 50 - 150 cookies from each. Unexplained UDP traffic stopped and Firewall memory level dropped from 15MB out of 16MB to about 10MB.

I believe what was happening before was that the firewall was running out of memory. As long as enough memory was available to handle a request, pages and e-mail loaded quickly as they should. During high traffic times, along with the very large amount of UDP traffic, it was running out of memory, causing requests to be delayed until enough memory was free to handle the request... resulting in occasional long wait times and timeouts.

How much memory use is normal? I'm a little concerned that with almost no traffic the memory indicated that 10-11MB was used.
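
An added example, not part of the thread and not Cisco code: one way to see which inside hosts account for a burst of outbound UDP in the firewall logs, as described in the post above. The log lines are constructed, their layout is an assumption modelled on the PIX 302015/302013 "Built outbound ... connection" messages, and the `threshold` value is arbitrary.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread). Layout is an assumption
# modelled on PIX "Built outbound UDP/TCP connection" syslog messages.
SAMPLE_LOG = """\
%PIX-6-302015: Built outbound UDP connection 101 for outside:198.51.100.7/53 (198.51.100.7/53) to inside:10.0.0.21/1040 (203.0.113.2/1040)
%PIX-6-302015: Built outbound UDP connection 102 for outside:198.51.100.90/6881 (198.51.100.90/6881) to inside:10.0.0.21/1041 (203.0.113.2/1041)
%PIX-6-302015: Built outbound UDP connection 103 for outside:198.51.100.91/6881 (198.51.100.91/6881) to inside:10.0.0.21/1042 (203.0.113.2/1042)
%PIX-6-302013: Built outbound TCP connection 104 for outside:198.51.100.10/80 (198.51.100.10/80) to inside:10.0.0.22/1100 (203.0.113.2/1100)
%PIX-6-302015: Built outbound UDP connection 105 for outside:198.51.100.92/6881 (198.51.100.92/6881) to inside:10.0.0.21/1043 (203.0.113.2/1043)
%PIX-6-302015: Built outbound UDP connection 106 for outside:198.51.100.7/53 (198.51.100.7/53) to inside:10.0.0.22/1101 (203.0.113.2/1101)
"""

# Matches "ifname:a.b.c.d/port"; the parenthesised mapped addresses carry no
# interface name, so they are skipped.
ENDPOINT = re.compile(r"(\w+):(\d{1,3}(?:\.\d{1,3}){3})/(\d+)")


def udp_flows(log_text):
    """Yield (inside_host, remote_ip, remote_port) for each outbound UDP build."""
    for line in log_text.splitlines():
        if "Built outbound UDP connection" not in line:
            continue  # ignore TCP and unrelated messages
        ends = {ifc: (ip, int(port)) for ifc, ip, port in ENDPOINT.findall(line)}
        # Key on interface names rather than position in the line.
        if "inside" in ends and "outside" in ends:
            yield ends["inside"][0], ends["outside"][0], ends["outside"][1]


def summarize(log_text, threshold=3):
    """Count outbound UDP connections per inside host and per (host, remote port)."""
    per_host, per_host_port = Counter(), Counter()
    for host, _remote, port in udp_flows(log_text):
        per_host[host] += 1
        per_host_port[(host, port)] += 1
    noisy = sorted(h for h, n in per_host.items() if n >= threshold)
    return per_host, per_host_port, noisy


if __name__ == "__main__":
    hosts, host_ports, noisy = summarize(SAMPLE_LOG)
    for (host, port), n in host_ports.most_common():
        print(f"{host} -> udp/{port}: {n} connections")
    print("hosts at or above threshold:", noisy)
```

The per-port breakdown shows whether a noisy workstation is making ordinary lookups or talking to something unexpected, which points at the machine to inspect.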
