Slow Firewall Performance

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
jedware
New Member
Posts: 24
Joined: Sun Jul 04, 2010 1:53 pm
Location: Sandy, UT USA

Postby jedware » Wed Aug 25, 2010 9:05 am

We are in the midst of upgrading our internet to our meetinghouses but our initial tests are showing that the church firewall is slowing down the internet connection to 1/10 of the rated speed.

When the stake technology specialist contacted the church help desk they stated the speed degradation was normal. How can this be normal?

We are seeing a 21 Mbps connection drop to 2.5 Mbps and the ping time soar to 3000 ms. With those results a good modem will retrieve a page faster.

Does anyone have any further insight into this issue and are you seeing similar results?

techgy
Community Moderators
Posts: 3174
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

Postby techgy » Wed Aug 25, 2010 10:03 am

JedWare wrote: We are in the midst of upgrading our internet to our meetinghouses but our initial tests are showing that the church firewall is slowing down the internet connection to 1/10 of the rated speed.

When the stake technology specialist contacted the church help desk they stated the speed degradation was normal. How can this be normal?

We are seeing a 21 Mbps connection drop to 2.5 Mbps and the ping time soar to 3000 ms. With those results a good modem will retrieve a page faster.

Does anyone have any further insight into this issue and are you seeing similar results?


Both Sophos and the MLS software are memory hogs. One of the first things I'd check is the amount of RAM that each of these PCs is running. I'd recommend at least 1 Gig of RAM.

When the PC is first booted Sophos goes out and performs an update of the definitions. This can take anywhere from a couple of minutes to several minutes depending upon how many days it's been since the last update and what the updates include. This update will result in a slower Internet performance until it's completed.

We have 4 wards in our stake and all are using the same Sophos package and performance is quite good. There is some variation in speed between the buildings as not all of the facilities are the same distance to the ISP, but this has nothing to do with the Sophos package.
Have you read the Code of Conduct?

jedware
New Member
Posts: 24
Joined: Sun Jul 04, 2010 1:53 pm
Location: Sandy, UT USA

Postby jedware » Wed Aug 25, 2010 12:20 pm

I should clarify. The firewall I am talking about is the Cisco PIX hardware. This has nothing to do with Sophos software.

Connecting behind the Cisco you see 1/10 your bandwidth compared to connecting directly to ISP.

techgy
Community Moderators
Posts: 3174
Joined: Sun Jan 13, 2008 6:48 pm
Location: California

Postby techgy » Wed Aug 25, 2010 12:35 pm

JedWare wrote: I should clarify. The firewall I am talking about is the Cisco PIX hardware. This has nothing to do with Sophos software.

Connecting behind the Cisco you see 1/10 your bandwidth compared to connecting directly to ISP.


I would suggest contacting the Global Support Desk and having them check the firewall. If your speed is really dropping that much through the firewall, then it's possible that there's a problem either with the configuration or the hardware itself.

I assume that following the installation of the PIX that someone contacted support and had them do the original configuration. If not, then that may be the problem.

If, however, the problem has occurred recently and the firewall has been around for a while, it wouldn't hurt to contact support.

Just as an experiment, try shutting down the PIX completely, wait a few minutes, then re-apply power and see if that has any effect. If not, call support.
Have you read the Code of Conduct?

johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Postby johnshaw » Wed Aug 25, 2010 1:41 pm

We have seen this at one of the sites we are struggling with right now. GSD is currently blaming it on incompatibility of our new ASA with the cable modem. But, during one of our support calls with GSD, there was a line commented out of the code, which significantly improved the performance (though it was set back after troubleshooting was over). This is all hearsay at this point as I wasn't the person who did the troubleshooting, but we're waiting on a new cable modem to see if that performance problem goes away.

russellhltn
Community Administrator
Posts: 20732
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Aug 25, 2010 3:51 pm

The last time I tested, I got a reasonable number through our PIX. Something like 2.5Mbit on a 3Mbit line. I was using the speed test suggested by our ISP. If you go to another site, you can be running into issues with overloaded circuits to that particular server.

In order to get the kind of performance you describe, I'd have to think that something, somewhere is downloading a file causing erroneous results. Perhaps a computer was updating the LANDesk or Sophos. Or perhaps it's infected with something. :eek:

But by all means, talk to GSD and see if the issue can be resolved.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

rpyne
Member
Posts: 227
Joined: Fri Jan 19, 2007 1:13 pm
Location: Provo, Utah, USA

Postby rpyne » Wed Aug 25, 2010 5:32 pm

This behavior is not at all surprising. The hardware firewall is not just a firewall, but a VPN (Virtual Private Network) device. It makes ALL of your internet traffic go through the Church's network, which has its own limitations on total bandwidth.

jedware
New Member
Posts: 24
Joined: Sun Jul 04, 2010 1:53 pm
Location: Sandy, UT USA

Postby jedware » Wed Aug 25, 2010 6:42 pm

So it looks like some people are experiencing the problem and others are not.

jshawut,

I would be interested in knowing what model modem you have and what you are replacing it with and whether it does indeed solve your problem.

RussellHltn,

There were no other computers connected to the network when tested and I used my personal laptop against the ISP's own testing site numerous times. I am glad to hear you are not experiencing this slowdown; it gives me hope there is a solution out there.

rpyne,

Having used VPN both in work and personally I know there is a hit but this dramatic is not acceptable. It would mean the expense we are paying for the upgrade is not justified. Since others are not experiencing this slowdown the closest explanation seems to be some incompatibility as jshawut has alluded.

russellhltn
Community Administrator
Posts: 20732
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Aug 25, 2010 7:06 pm

If it helps any, the DSL modem we have is just a modem. It doesn't have anything else as part of it. I think many ISPs are providing modem/routers, which adds to the complexity and adds a useless layer of stuff that may not be set for optimal performance.

If your modem has a router, I'd suggest trying to find a way of turning it off so the firewall gets a public IP.
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Postby johnshaw » Thu Aug 26, 2010 10:52 am

Interesting update. Our Stake currently has 5 buildings using the same IP Addressing internally. I can't even begin to imagine what issues that has been causing.

