Slow Firewall Performance
-
johnshaw
- Senior Member
- Posts: 2273
- Joined: Fri Jan 19, 2007 1:55 pm
- Location: Syracuse, UT
We've done some extensive work with GSD and there was a line in the config that when disabled, really increased the speed of our access. Before it was all over, they had put that line back in, and we were told to check our modem. Still in the process of that, but I'm wondering if the larger problem isn't with the build script config for the ASA
-
JamesAnderson
- Senior Member
- Posts: 773
- Joined: Tue Jan 23, 2007 2:03 pm
The 150mbps and 100mbps figures mean it should be doing at least what is reported without the firewall.
In fact, the ASA 5505 is similar to the performance of 802.11g wireless cards in throughput. 802.11n cards can now do up to 300mbps throughput. At home I have an older D-Link card that only gives 54mbps throughput, but is adequate for home use. But with the ASA 5505 as a hardwired box and not a wireless box, it should be giving you the speed you are expecting, having the higher throughput would be good but for most applications used by most Church installations, it is not always necessary.
In fact, the ASA 5505 is similar to the performance of 802.11g wireless cards in throughput. 802.11n cards can now do up to 300mbps throughput. At home I have an older D-Link card that only gives 54mbps throughput, but is adequate for home use. But with the ASA 5505 as a hardwired box and not a wireless box, it should be giving you the speed you are expecting, having the higher throughput would be good but for most applications used by most Church installations, it is not always necessary.
-
RomeroGa
- New Member
- Posts: 18
- Joined: Thu Nov 18, 2010 4:35 am
- Location: Argentina, Buenos Aires
-
johnshaw
- Senior Member
- Posts: 2273
- Joined: Fri Jan 19, 2007 1:55 pm
- Location: Syracuse, UT
Interesting, we found out that the speed went up because the GSD tech had disabled filtering.... we were unfiltered... just found out yesterday. We know that the legacy filter if used on the ASA5505 is not good. If you script it for General, it is better. In the background, however, the teams are making changes to the networking. My understanding now is that all General is being redirected to one of the other filtering levels. At this point, the best we've been able to come up with is the General.
The issue is really around the websense filtering that the church has, the team managing them is behind the curve and better hardware needs to be put in place for them.
The issue is really around the websense filtering that the church has, the team managing them is behind the curve and better hardware needs to be put in place for them.
-
JamesAnderson
- Senior Member
- Posts: 773
- Joined: Tue Jan 23, 2007 2:03 pm
Filtering companies are often behind the curve as well. Some use a 'database' model to this day, where the database is offloaded to your machine, or a central machine on your VPN, causing drain on its resources, or in some cases it's not the local network or PCs, but the firewalls.
The fastest performance comes from filtering solutions that use cloud approaches to managing the master filtering database. Your filtering software installation queries the data center database, which is often updated frequently for problem issues like pornography or spyware/malware, and gets a result within microseconds, then returns a rating to your installation and your PC, and it's so fast you see no lag time. They can also rate a site you have not hit yet ever, and you will be protected almost immediately, pretty much real-time, meaning even better protection, especially involving newly discovered sites or sites often spamvertised.
One that does this is Blue Coat (commercial version of what we know as K9), I'm not sure about who else may do this, but it could become an industry standard as cloud computing gains more popularity.
The fastest performance comes from filtering solutions that use cloud approaches to managing the master filtering database. Your filtering software installation queries the data center database, which is often updated frequently for problem issues like pornography or spyware/malware, and gets a result within microseconds, then returns a rating to your installation and your PC, and it's so fast you see no lag time. They can also rate a site you have not hit yet ever, and you will be protected almost immediately, pretty much real-time, meaning even better protection, especially involving newly discovered sites or sites often spamvertised.
One that does this is Blue Coat (commercial version of what we know as K9), I'm not sure about who else may do this, but it could become an industry standard as cloud computing gains more popularity.
-
bradhokanson
- Church Employee
- Posts: 48
- Joined: Sun Mar 06, 2011 12:31 pm
- Location: Utah, USA