Re: Slow traffic on https/http on site to site

Bynet_Security_ · ‎2025-03-08

Hello everyone,
I set up a site to site between a Check Point 1500 machine that is managed locally and a Fortigate machine
The site above works fine but all traffic in https + http is very slow.
We checked downloading and uploading files and it was fine.
I would be happy to get some direction on what to check to locate the source of the problem
And if possible also an explanation of how to check if something is unclear.
Thanks to all who answered

AdiGH · ‎2025-03-08

Hey, which Check Point product do you have installed?

Lesley · ‎2025-03-08

what blades you have enabled on the 1500?

What encryption methods you use on the site to site?

-------
Please press "Accept as Solution" if my post solved it 🙂

Chris_Atkinson · ‎2025-03-08

Potentially an MTU issue, look into MSS clamping per sk121114.

Ensure 3DES isn't used where possible in favour of AES-NI friendly algorithms.

Which version of R81.10.xx is used ?

CCSM R77/R80/ELITE

Timothy_Hall · ‎2025-03-09

Please post outputs of Super Seven plus enabled_blades.

MSS clamping would normally only apply to IPSec traffic and not HTTPS traffic. This is because in IPSec the whole ESP packet (mostly) is digitally signed and therefore cannot be fragmented (DF flag). With HTTPS the payload stream of data is digitally signed, and the packets carrying it can be fragmented into a zillion pieces, as long as the payload stream of data being carried reassembles correctly. This is why HTTPS/TLS based Remote Access VPN clients are more resistant to low MTU performance issues.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

Are you a member of CheckMates?

Slow traffic on https/http on site to site