The "many of the web pages" and "after timing out" are classical symptoms of an MTU problem...
What happens is that many of the larger pages will send back packets larger than the (in this case) 1400 bytes..
You can confirm this diagnosis by finding one of the sites...
Unsolicited ACKs... remember the typical TCP handshake sequence of events is something like..
from the source: SYN "can we talk"
from the destination: SYN/ACK "sure"
source: ACK "cool"
after which the traffic flows back...
Syslog everything... set level seven... send it to a syslog server (Kiwi makes the Win standard)... and then you will have to use grep to find all the connections for each internal IP...
You end up with messages for the beginning of each connection, the teardown of each connection and IP...
Kiwi is great for small firewall logs... it is a good Win syslog server daemon... but the display program reads the whole log into memory at one time...
the Pix log is very useful and contains LOTS of information if you set the logging level to the maximum... you get URLs and all sorts of...
IMHO..
It is difficult sometimes to determine what is "poor performance".. individual point tests are sometimes ineffective and can lead to incorrect conclusions... they test the system at one point in time and do not necessarily give the overall picture through the whole day...
I...