Bandwidth extreamly slow T1

[ChuckG]

I've been trying to find a reason for this for several months now and haven't found a cause yet.

Here at the office I have a T1 from Sprint, goes to our External Router (Cisco 2400 Series), then via Ethernet into a Checkpoint Firewall (Nokia IP330), then onto our network.

The External Router, the ONLY thing it is there for is to route data out onto the internet and back into our network.

The only ip route is 0.0.0.0 going out to the IP for Sprint.

Internally our routing goes.

Internal PC(or server), to our internal Router (Another Cicso 2400 Series) which is used for several items.

a) Routing internal Traffic.
b) Routing traffic via our Frame-Relay.
c) Routing traffic to a remote site (Point to Point)
d) Routing traffic to the Firewall.

The IP Routing I have on this is pretty straight forward.
if data is ment for an IP on A send to Ethernet0
if data is ment for an IP on B send to Frame Serial Port
if data is ment for an IP on C send to PtP Serial Port
and if IP matches anything else (ie 0.0.0.0) send to the Firewall's internal IP.

My biggest problem in locating the slowdown is the Firewall is managed by our Corporate office, who in their wisdom has deemed no one but them can even look at the config.

Internet access in general is EXTREAMLY slow. (I can almost load web pages as fast with my dialup at home)

The guys at Corp are wanting me to use their Firewall as our Gateway instead of our Router. But I have a problem with turning all of our internal routing over to them (takes 2 days to get them to DO anything).

Any idea's/suggestions?

Thanks
ChuckG

 

[InnoTech]

have you had anyone from the "outside" run a tracert to you or your server or even router? have you tried to tracert anything from "inside" the network to somewhere like google.com or yahoo.com? i'd also try bypassing the firewall even though it would make some people really mad.

are you testing the connection on each pc and the server? are there any that have good bandwidth?

"Jack of all trades. Master of none."

 

[ChuckG]

I have run tracert's from my home (dialup via Earthlink) to our external router. Can't ping/tracert past the firewall due to how they have it configured.

The speed seems to be variable. Sometimes it's pretty quick, sometime's it's slow as a dog. I've called Sprint and had them pull up bandwidth analysis for the IP circuit as well, thinking maybe it was a problem with the feed from them.

We did have an issue recently. We have a remote office that is connected VIA frame-relay. Their internet access is based on coming up the frame relay, and going out our IP T1. On evenings/weekends the remote office could not access the internet. I went down to that site and found that they could ping/access anything on the home site's internal network, but could not get-to or even see the Firewall.

After calling the corp guys about the firewall, that's when they suggested we switch our "gateway" over to their firewall. It appears that the firewall goes to sleep or something, because if there's no access over it for a certain period of time the remote site loses the ability to connect. Now if someone in the home office goes out (extreamlly slow at this point) the firewall will then let the remote site out.

As a temporary fix, I've setup Norton Scheduler to do a ping to

http://www.yahoo.com

every 15 mintues from the server at the remote location. And they haven't had any problems getting out, but it seems a very goofy way of having to keep the connection alive.


The idea of by-passing the firewall, I've been tempted to bring my notebook in on a weekend and give that a try and see what the results are.

My biggest problem right now is I have no idea what this firewall is doing. I know they have it setup doing VPN's from the corp office into our network, but can not get them to let me know how much bandwidth this is taking up.

The only other thing I can think of that would be consuming internet bandwidth would be our mail server. But I still can't see how it would be consuming that much.

ChuckG

 

[InnoTech]

i wouldn't think the mail server would either.

from what you've told me it all comes down to the people maintaining the firewall and they aren't being much help to you, i guess.

a problem you may face with hooking up your laptop and bypassing the firewall is that you would need a valid IP to assign it. this may be a problem but you may already know what you could do.

also the problem with the remote office connection and the norton scheduler. that again is a problem with the firewall in which they would need to fix in return they may find the issue of the slow browsing. as far as them saying to switch your gateway, it does in fact make sense to me. it seems as though they have you by the b***s

"Jack of all trades. Master of none."

 

[ChuckG]

I've got a full Class C to work with, so I can grab an unused IP address without a problem.

Last I spoke with the gents about the firewall, he was trying to say he thought our internal Cisco 2400 series wasn't "seeing the arp" from their firewall (in reguards to why the remote site can't get out after hours)

I'm going to give a try to by-passing the firewall just to see what happens, hopefully this weekend.

ChuckG

 

[InnoTech]

i hope that works for you so you can tell them to take that firewall and shove it. j/k good luck!

"Jack of all trades. Master of none."