This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bond786
Participant
‎2021-11-06 08:46 AM

Slow FTP Download/Upload

Dear Experts,

I have one query as we are facing an issue that FTP connection is running slow for a website which is hosted behind Checkpoint Firewall. The security gateway is running on R81 with latest hot fix, the ISP has 800Mbps download and 700 Mbps Upload but we are only getting 1 Mbps of speed currently. We used to get 10Mbps but the speed has reduced gradually from last few months.

Any possible reasons behind this? and also what things I can check on the Firewall to make sure firewall is not causing any issues.

Many thanks

0 Kudos
6 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-11-07 01:53 AM

There are some reasons for such a behaviour:

- Basically every connection thru the GW will only get a part of the possible ISP speed, so one client doing file transfer will get e.g. 10Mbps, but every additional client will also get 10Mbps as long as that is possible.

- Of much importance is the TP policy - which blades do work on the ftp connections ? If these connections can not contain malware you could exclude them from all TP blades.

- Also look into the GW logs if there are many drops and re-transmissions of FTP packets (just to be sure !) 

- Lastly you should look at other connections on the GW at the time of the FTP slowness, as you could prioritize FTP over other connections using QoS.

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Bond786
Participant
‎2021-11-15 02:14 AM
In response to G_W_Albrecht

Issue was with client ISP.

Many Thanks for the advise.

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2021-11-07 05:32 AM

If the FTP traffic is traversing an IPSec VPN tunnel, it is almost certainly an IP MTU/fragmentation issue.

Is it just the FTP connection that is slow or is everything slow?  Run netstat -ni on the firewall and make sure underlying network interfaces are running cleanly.

Finally as Gunter said it is likely that recent changes to your Threat Prevention (TP) setup may be pulling this FTP traffic into a slower path for more inspection.  Try creating a null TP profile (a new TP profile with all five TP blades unchecked), then match it to the FTP system via Protected Scope at the top of your TP policy and try again.  Did that help?

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
Bond786
Participant
‎2021-11-15 02:14 AM
In response to Timothy_Hall

Issue was with client ISP.

Many Thanks for the advise.

 

0 Kudos
Matlu
MVP Silver
MVP Silver
‎2023-11-29 09:42 AM
In response to Timothy_Hall

Hello,

When the problem is with the "download" of a certain resource, from my LAN to the Internet, passing through a GW, how can you rule out, that the problem is not the Firewall.

For example, I have such a flow:

User_LAN -> SW -> ClusterGW -> ISP -> INTERNET

The user tries to download a public resource that is on the Internet, but the "download" is too slow.

Is there any way to rule out that the problem is the FW?

Regards.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-11-29 04:34 PM
In response to Matlu

If the firewall is causing the problem, you would see evidence of it.
For example, a single CPU is 100% during the file transfer or something in the Super Seven Commands is off: https://community.checkpoint.com/t5/Scripts/S7PAC-Super-Seven-Performance-Assessment-Commands/m-p/40... 
There may be other signs, but that's the most obvious.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events