Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
793
Views
3
Helpful
3
Replies

Slow performance on PIX 515E

matthewsj11
Level 1
Level 1

‎07-17-2006 05:32 AM

Hi I am having a problem with the throughput on my PIX 515E. I have 3 active interfaces, one for the outside, one for inside Lan and one for our DMZ. What I wish to do is to backup our servers on the DMZ with our backup server that sits on the inside lan. The problem is that when the backup runs it will only run at about 20MB/min compared to upto 2000MB/min when backing up a server on the Lan. The only real diferences in the network or server setup between these two speeds that I can see is the Pix. Is there anything that I can do to speed up my backups.

We have an unrestricted license with unlimited hosts. On the interface bandwidth stats the DMZ interface will not get any higher than 5000 Kbps where the outside interface is regularly up to 12000 Kbps and higher.

Any suggestions?

Labels:
0 Helpful
3 Replies 3

nefkensp
Level 5
Level 5

‎07-17-2006 05:45 AM

The PIX515E maximum supports 100Mbit connections.

If I calculate the 2000MB/minute back to megabits, it would end up on 333Mbit connection. My guess is that the backupserver and the server on your internal internal network are connected via a gigabit network.

As the PIX supports a 100Mbit connection, you could expect a maximum transfer of 10MB/s (roughly), but you get a 5MB/sec (5000KBPS), so my guess is that the linespeed on one of the interfaces is set to 100megabit, half duplex.

Check the configuration on the switch for the ports connected to the pix and the servers (on the DMZ) for duplex mismatches. You can see what the duplex speed is on

- Cisco IOS Switches: show interface status

- Cisco PIX: show interface

Hope these pointers help you to isolate the problem

Pieter-Jan

matthewsj11
Level 1
Level 1
In response to nefkensp

‎07-17-2006 07:11 AM

Thanks for your suggestions. Yes most of our Lan is on gigabit but even the servers on megabit reach at least 500-600MB/min as most servers have teamed network cards.

I have checked the port speed on both the switch and the firewall and both are set to 100 full deplex.

Any more ideas?

0 Helpful

nefkensp
Level 5
Level 5
In response to matthewsj11

‎07-18-2006 05:24 AM

The servers that have 100Mbit cards are not precisely on 100Mbit, since they are teamed, the can reach 200mbit (or more, depending on the number of teamed adapters).

Can you check on the switch if you see certain errors? You might want to try to setup a second machine in your DMZ (100Mbit as well) and see what the speed of a copy is between the server and that second machine. Then you could do a similar test from the second machine through the pix to the backup server, but also to another server.

Based upon the results of those tests, you should be able to see why things are lower, but if you can only get to 5Mbps, it still might be a duplex-mismatch, can you verify the duplex settings between the server and the switch?

0 Helpful
Customers Also Viewed These Support Documents