PIX 515/Real slow filedownload through http. (Webmail)

telenormobil · ‎03-07-2005

Hi.

Anyone experienced problem with filedownload from webmail. Its not releated to ident or "reverse dns".

When i start to download it starts fine but after 2 sec it goes down to 150bytes speed. I have tried everything! any/any permit and so on but no luck.

Next step now is to remove the entire firewall and change to something else.

Its a renundant pix 515 E with 6.3(4), The traffic is from internet to inside(offical addresses).

Regards Terje

ehirsel · ‎03-07-2005

It may be either a path mtu issue, or a link negotiation issue. On the 515E, insure that all interfaces have explicit speed and duplex settings, instead of auto selection. Do the same on any switch port that the interfaces connect to.

In addition, if the 515E uses a DSL connection, or some type of PPPoE for outbound/internet connectivity, then adjust the interface mtu to 1492 bytes, as PPPoE uses 8 bytes of header info. The pix default mss size of 1380, should take care of any such mtu issue like this, I thought I'd mention it anyway.

I'm thinking that the speed/duplex may be the main reason. Let me know what you find.

telenormobil · ‎03-08-2005

Everything is 100/full. I can see some TCP checksum errors and alot of TCP duplicate ACK.

But i cannot figure out why.

Philip D'Ath · ‎03-14-2005

Which direction are the errors occuring in? Outbound or inbound?

Try a packet sniffer like Ethereal (free) and determine what is introducing the errors.