Re: Slow traffic on https/http on site to site

Bynet_Security_

Hello everyone,
I set up a site to site between a Check Point 1500 machine that is managed locally and a Fortigate machine
The site above works fine but all traffic in https + http is very slow.
We checked downloading and uploading files and it was fine.
I would be happy to get some direction on what to check to locate the source of the problem
And if possible also an explanation of how to check if something is unclear.
Thanks to all who answered

AdiGH

Hey, which Check Point product do you have installed?

Lesley

what blades you have enabled on the 1500?

What encryption methods you use on the site to site?

-------
If you like this post please give a thumbs up(kudo)! 🙂

Chris_Atkinson

Potentially an MTU issue, look into MSS clamping per sk121114.

CCSM R77/R80/ELITE

Timothy_Hall

Please post outputs of Super Seven plus enabled_blades.

MSS clamping would normally only apply to IPSec traffic and not HTTPS traffic. This is because in IPSec the whole ESP packet (mostly) is digitally signed and therefore cannot be fragmented (DF flag). With HTTPS the payload stream of data is digitally signed, and the packets carrying it can be fragmented into a zillion pieces, as long as the payload stream of data being carried reassembles correctly. This is why HTTPS/TLS based Remote Access VPN clients are more resistant to low MTU performance issues.

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones

Are you a member of CheckMates?

Slow traffic on https/http on site to site