Firewall Wizards mailing list archives
Re: Slow FTP downloads from behind PIX
From: Chris Myers <clmmacunix () charter net>
Date: Thu, 12 Jun 2008 08:17:19 -0500
Hi Darren,Well the catalyst is probably the FTP server upgrade. I would make sure that the MTU for the server is not larger than what the PIX can handle. Default on the PIX should be 1380. This URL is for fragmentation on VPN, but the fragmentation troubleshooting portion is good for all traffic, just follow it and use the FTP traffic for you captures and debug.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081e621.shtml Thank You, Chris Myers clmmacunix () charter net John 1:17For the Law was given through Moses; grace and truth were realized through Jesus Christ.
Go Vols!!!! On Jun 11, 2008, at 2:07 PM, Darren Maskowitz wrote:
I'm having some issues with FTP traffic through our Cisco PIX 515E. Our corporate FTP server is located outside the firewall, and we recently upgraded the FTP server software. This resulted a noticeable increase in the speed uploading files to the server (5 MB/s+). However when attempts were made to download files from the server speeds average about 300 KB/s, rapidly fluctuating between 30KB/s and 600 KB/s. Downloading the same file to a server outside our firewall resulted in speeds of about 6MB/s. Looking at the firewall: the default inspection scheme is enabled, and the FTP inspection is turned on. The FTP server requires active transfer mode, and everything works, albeit slowly. After turning off FTP inspection connections to the FTP server did not work until enabling passive mode, but that didn't change the speeds at all. I should probably also mention that the PIX is not doing any NAT. All the workstations and servers here have Internet routable IP addresses (206.75.x.x). Any suggestions? Thanks, Darren _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Slow FTP downloads from behind PIX Darren Maskowitz (Jun 11)
- Re: Slow FTP downloads from behind PIX Bill O'Connell (Jun 12)
- Re: Slow FTP downloads from behind PIX Chris Myers (Jun 12)
- Re: Slow FTP downloads from behind PIX Trey Darley (Jun 12)
- Re: Slow FTP downloads from behind PIX david (Jun 13)
- Re: Slow FTP downloads from behind PIX Marcin Antkiewicz (Jun 17)
- Re: Slow FTP downloads from behind PIX david (Jun 13)