Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Daniel_Kavan
Advisor
Advisor

https uploads 5X slower thru one gateway than another

Hi Mates,

Developers are seeing 1.7 MB/s upload speeds with HTTPS thru one of my gateways with a 10 GB Firbre interface (1 40e driver), while seeing 9.5 MB/s HTTPS upload speeds thru another with a 1 GB interface tg3 driver.  I'm not seeing any rx/tx errors.   Using scp the speeds are similar, which indicates a issue with the application, but they are still blaming the firewall saying they are using the same code.   I'm not seeing any drops.  I'm not doing https inspection.   Let me double check categorization is the same on both.  Yes, it's a global setting categorize https and cached are both checked.   Any ideas are welcome.   This is all internal traffic going thru the internal interface and a VLAN interface.  Neither of these gateways are in a cluster, both are standalone.   I tried turning off fwaccel I tried a TE exception from IPS/AV/AB, no effect either.   I do have the URL filtering blade on the slower one and not the faster one.  

0 Kudos
6 Replies
Chris_Atkinson
Employee Employee
Employee

Are the gateways both the same version/JHF I assume they aren't showing other signs of performance issues / high load?

CCSM R77/R80/ELITE
0 Kudos
Daniel_Kavan
Advisor
Advisor

Hi Chris,

The load and memory (resources) all look good on both.   The slower one is on JHF65, whereas the faster has a slightly older JHF.  Same major version though.  I'm adding URL filtering on the faster one to see if that slows it down.   Assuming, URLF will slow it down, can you make an exception for URLF?   I assume you can in the access policy, but I haven't tried it before.

0 Kudos
emmap
Employee
Employee

If it's a static IP destination you can 'except' it from URL filtering by adding a rule above all the URLF/APPC rules in the layer to that destination IP with standard logging configured.

Daniel_Kavan
Advisor
Advisor

So, once you add the URLF blade on your gw, you have to use the URLF category with the suitcase label in an access rule?   If you aren't using the category tag, then the blade isn't being used?    Do you block or allow on the URL filtering category?   I assume its a block?    I assumed URLF was used in the background for application control categories.

0 Kudos
emmap
Employee
Employee

When the URLF blade is enabled on the gateway and inside the policy layer, it is invoked on any rule with URL categories or custom sites in it, or if the logging is set to Detailed logging. A rule that uses standard port based services with normal basic logging does not go through the URLF blade even when it is enabled on that policy layer.

the_rock
Legend
Legend

You can absolutely do that, yes.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events