Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bond786
Participant

Slow FTP Download/Upload

Dear Experts,

I have one query as we are facing an issue that FTP connection is running slow for a website which is hosted behind Checkpoint Firewall. The security gateway is running on R81 with latest hot fix, the ISP has 800Mbps download and 700 Mbps Upload but we are only getting 1 Mbps of speed currently. We used to get 10Mbps but the speed has reduced gradually from last few months.

Any possible reasons behind this? and also what things I can check on the Firewall to make sure firewall is not causing any issues.

Many thanks

0 Kudos
6 Replies
G_W_Albrecht
Legend Legend
Legend

There are some reasons for such a behaviour:

- Basically every connection thru the GW will only get a part of the possible ISP speed, so one client doing file transfer will get e.g. 10Mbps, but every additional client will also get 10Mbps as long as that is possible.

- Of much importance is the TP policy - which blades do work on the ftp connections ? If these connections can not contain malware you could exclude them from all TP blades.

- Also look into the GW logs if there are many drops and re-transmissions of FTP packets (just to be sure !) 

- Lastly you should look at other connections on the GW at the time of the FTP slowness, as you could prioritize FTP over other connections using QoS.

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Bond786
Participant

Issue was with client ISP.

Many Thanks for the advise.

0 Kudos
Timothy_Hall
Legend Legend
Legend

If the FTP traffic is traversing an IPSec VPN tunnel, it is almost certainly an IP MTU/fragmentation issue.

Is it just the FTP connection that is slow or is everything slow?  Run netstat -ni on the firewall and make sure underlying network interfaces are running cleanly.

Finally as Gunter said it is likely that recent changes to your Threat Prevention (TP) setup may be pulling this FTP traffic into a slower path for more inspection.  Try creating a null TP profile (a new TP profile with all five TP blades unchecked), then match it to the FTP system via Protected Scope at the top of your TP policy and try again.  Did that help?

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Bond786
Participant

Issue was with client ISP.

Many Thanks for the advise.

 

0 Kudos
Matlu
Advisor

Hello,

When the problem is with the "download" of a certain resource, from my LAN to the Internet, passing through a GW, how can you rule out, that the problem is not the Firewall.

For example, I have such a flow:

User_LAN -> SW -> ClusterGW -> ISP -> INTERNET

The user tries to download a public resource that is on the Internet, but the "download" is too slow.

Is there any way to rule out that the problem is the FW?

Regards.

0 Kudos
PhoneBoy
Admin
Admin

If the firewall is causing the problem, you would see evidence of it.
For example, a single CPU is 100% during the file transfer or something in the Super Seven Commands is off: https://community.checkpoint.com/t5/Scripts/S7PAC-Super-Seven-Performance-Assessment-Commands/m-p/40... 
There may be other signs, but that's the most obvious.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events