Slow FTP transfers

Hi,

I'm having an issue when ftp'ing (default port mode) large file (50megs)
to a remote server sitting behind FWSM. The transfer gets real slow and
at times just timeouts.

Now when I change ftp mode to passive the same file transfer works w/o
any issues. Why?

Have inspect ftp and mtu is set for 1500. I've checked for duplex
settings as well which is good.

Any thoughts will be great.

regards
sky

_______________________________________________
firewall-wizards mailing list
firewall-wizards@...
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

	Slow FTP transfers by virendra rode // :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, I'm having an issue when ftp'ing (default port mode) large file (50megs) to a remote server sitting behind FWSM. The transfer gets real slow and at times just timeouts. Now when I change ftp mode to passive the same file transfer works w/o any issues. Why? Have inspect ftp and mtu is set for 1500. I've checked for duplex settings as well which is good. Any thoughts will be great. regards sky _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
	Re: Slow FTP transfers by Lord Sporkton :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message sky wrote: Hi, I'm having an issue when ftp'ing (default port mode) large file (50megs) to a remote server sitting behind FWSM. The transfer gets real slow and at times just timeouts. Now when I change ftp mode to passive the same file transfer works w/o any issues. Why? Have inspect ftp and mtu is set for 1500. I've checked for duplex settings as well which is good. Any thoughts will be great. regards sky _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards debug the inspect? are you doing nat between device or just acl and inspect? when you say slow, are you sure its not just dropping the data transfer and it "appears" as a slowdown on the client side? I have seen that with some ftp clients, they do an average transfer rate over x amount of time and so it appears as slowdown when in reality its actually a dropped stream. the ftp client you use, does it have a debug mode? i think the standard windows and standard *nix ftp clients have a debug mode. you might look into that for some clues, You say it gets slow and timesout "at times" does that mean this problem is somewhat random and not fully reproducable? when does the slowdown start? how long before it times out? _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
	Re: Slow FTP transfers by Behm, Jeff :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Thursday, August 20, 2009 12:19 PM, sky said: >I'm having an issue when ftp'ing (default port mode) large file >(50megs) to a remote server sitting behind FWSM. The transfer >gets real slow and at times just timeouts. >Any thoughts will be great. Any sort of packet shaper/QoS device between the endpoints? _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
	Re: Slow FTP transfers by Francois Yang :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message I've seen slow traffic due to the firewall trying to do many things like checking for viruses, packet anomalies, etc... Maybe there's some checks that works better or worst depending if the ftp session is passive or not. Frank On Fri, Aug 21, 2009 at 7:43 AM, Behm, Jeff<jbehm@...> wrote: > On Thursday, August 20, 2009 12:19 PM, sky said: > >>I'm having an issue when ftp'ing (default port mode) large file >>(50megs) to a remote server sitting behind FWSM. The transfer >>gets real slow and at times just timeouts. > >>Any thoughts will be great. > > Any sort of packet shaper/QoS device between the endpoints? > _______________________________________________ > firewall-wizards mailing list > firewall-wizards@... > https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards > -- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. — White House Cybersecurity Advisor, Richard Clarke _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
	Re: Slow FTP transfers by Victor Williams-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On any ASA's I've dealt with I've seen this behavior when inspection of FTP was going on. Try shutting it off completely and see what happens. If it speeds up and works fine, you know where the problem lies. sky wrote: > Hi, > > I'm having an issue when ftp'ing (default port mode) large file (50megs) > to a remote server sitting behind FWSM. The transfer gets real slow and > at times just timeouts. > > Now when I change ftp mode to passive the same file transfer works w/o > any issues. Why? > > Have inspect ftp and mtu is set for 1500. I've checked for duplex > settings as well which is good. > > Any thoughts will be great. > > regards > sky > > > > _______________________________________________ > firewall-wizards mailing list > firewall-wizards@... > https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards > > > _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
	Re: Slow FTP transfers by Farrukh Haroon :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Your problem could be due to your firewall blocking the IDENT protocol Have a look at this link: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094317.shtml It could also be related to PTR records for your DIP Pool (but highly unlikely): http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094459.shtml Regards Farrukh On Mon, Aug 24, 2009 at 7:26 PM, Francois Yang <francois.y@...> wrote: I've seen slow traffic due to the firewall trying to do many things like checking for viruses, packet anomalies, etc... Maybe there's some checks that works better or worst depending if the ftp session is passive or not. Frank On Fri, Aug 21, 2009 at 7:43 AM, Behm, Jeff<jbehm@...> wrote: > On Thursday, August 20, 2009 12:19 PM, sky said: > >>I'm having an issue when ftp'ing (default port mode) large file >>(50megs) to a remote server sitting behind FWSM. The transfer >>gets real slow and at times just timeouts. > >>Any thoughts will be great. > > Any sort of packet shaper/QoS device between the endpoints? > _______________________________________________ > firewall-wizards mailing list > firewall-wizards@... > https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards > -- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. — White House Cybersecurity Advisor, Richard Clarke _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
	Re: Slow FTP transfers by ndnalibi :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. I’ve had a similar problem twice. The first time we had a bad network cable that was causing repeated resends due to a short. This sometimes caused timeouts if a file couldn’t be transferred within a certain amount of time The second time we had a wireless T1 that was being blocked by a tree. Small files came across, but large files would sometimes time out. Not always, though, due to the fact that the tree’s leaves would blow in the wind or be still. Both issues were basically the same. Frequent packet errors which cause retransmits and eventually timeouts when the sending computer does not get a response. It taught me to never overlook the basics! Bill O’Connell Network Solution Manager Liberty Creative Solutions, Inc. 18625 West Creek Dr. \| Tinley Park, IL 60477 V: (708) 633-7450 F: (708) 633-7449 www.libertycreativesolutions.com From: firewall-wizards-bounces@... [mailto:firewall-wizards-bounces@...] On Behalf Of Farrukh Haroon Sent: Tuesday, August 25, 2009 2:50 AM To: Firewall Wizards Security Mailing List Subject: Re: [fw-wiz] Slow FTP transfers Your problem could be due to your firewall blocking the IDENT protocol Have a look at this link: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094317.shtml It could also be related to PTR records for your DIP Pool (but highly unlikely): http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094459.shtml Regards Farrukh On Mon, Aug 24, 2009 at 7:26 PM, Francois Yang <francois.y@...> wrote: I've seen slow traffic due to the firewall trying to do many things like checking for viruses, packet anomalies, etc... Maybe there's some checks that works better or worst depending if the ftp session is passive or not. Frank On Fri, Aug 21, 2009 at 7:43 AM, Behm, Jeff<jbehm@...> wrote: > On Thursday, August 20, 2009 12:19 PM, sky said: > >>I'm having an issue when ftp'ing (default port mode) large file >>(50megs) to a remote server sitting behind FWSM. The transfer >>gets real slow and at times just timeouts. > >>Any thoughts will be great. > > Any sort of packet shaper/QoS device between the endpoints? > _______________________________________________ > firewall-wizards mailing list > firewall-wizards@... > https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards > -- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. — White House Cybersecurity Advisor, Richard Clarke _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards -- This message has been scanned for viruses and dangerous content by OpenProtect, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by OpenProtect, and is believed to be clean. _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
	Re: Slow FTP transfers by noc ops :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, I've looked at every possible aspect of this connection based on the feedback I've received w/ no avail. FSWM module is running v1.1(4) and CATOS v7.6(16). Any further insight will be appreciated. regards, sky sky wrote: > Hi, > > I'm having an issue when ftp'ing (default port mode) large file (50megs) > to a remote server sitting behind FWSM. The transfer gets real slow and > at times just timeouts. > > Now when I change ftp mode to passive the same file transfer works w/o > any issues. Why? > > Have inspect ftp and mtu is set for 1500. I've checked for duplex > settings as well which is good. > > Any thoughts will be great. > > regards > sky > > > > _______________________________________________ > firewall-wizards mailing list > firewall-wizards@... > https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards > _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
	Re: Slow FTP transfers by noc ops :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi Chris, There are no tracking module(s) that I know of. These servers are located behind FWSM. I haven't tried different server but active mode seems to cause intermittent problem whereas passive mode seems to be the work around. regards, sky Chris Smith wrote: > Sky does the device that the ftp server sits behind have any kind of ftp connection tracking module? > > What happens with a different ftp server behind the same firewall using active mode and the same 50 MB file? > > This test will at least tell you if the firewall is the issue. > > Perhaps it could be an issue with the ftp server or the tcp stack on the host OS? > > Have you tried starting the service in a debug mode? > > Hope this helps. > > ----- Original Message ----- > From: firewall-wizards-bounces@... <firewall-wizards-bounces@...> > To: Firewall Wizards Security Mailing List <firewall-wizards@...> > Sent: Wed Oct 07 14:49:41 2009 > Subject: Re: [fw-wiz] Slow FTP transfers > > Hi, > > I've looked at every possible aspect of this connection based on the > feedback I've received w/ no avail. > > FSWM module is running v1.1(4) and CATOS v7.6(16). > > Any further insight will be appreciated. > > > regards, > sky > > sky wrote: >> Hi, >> >> I'm having an issue when ftp'ing (default port mode) large file (50megs) >> to a remote server sitting behind FWSM. The transfer gets real slow and >> at times just timeouts. >> >> Now when I change ftp mode to passive the same file transfer works w/o >> any issues. Why? >> >> Have inspect ftp and mtu is set for 1500. I've checked for duplex >> settings as well which is good. >> >> Any thoughts will be great. >> >> regards >> sky >> >> >> >> _______________________________________________ >> firewall-wizards mailing list >> firewall-wizards@... >> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards >> > _______________________________________________ > firewall-wizards mailing list > firewall-wizards@... > https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Slow FTP transfers

Slow FTP transfers

Re: Slow FTP transfers

Re: Slow FTP transfers

Re: Slow FTP transfers

Re: Slow FTP transfers

Re: Slow FTP transfers

Re: Slow FTP transfers

Re: Slow FTP transfers

Re: Slow FTP transfers