Chris,
The answer to the slowdown problem is yes. Very often *Nix NIC cards do not
play well with autonegotation and switches. My advice would be to hard set
100/full on both the switch and the firewall. With there being a mismatch,
you are going to be taking layer 2 FCS and collison errors on both ends.
As for mii-tool, it will do the job fine until a reboot.... usually. My
advice would be to modify the appropriate /etc files for the networking
stuff and reboot; this will also make it so that when the server is
rebooted the 100/full parameters stay set and not default back (mii-tool
does only does an on-the-fly modify). I have had problems in the past with
mii-tool and it not actually taking effect, or it just taking down the
interface completely. A couple of times it eventually recovered as soon as
the switch caught up, but it all depends on the switch, switch settings,
etc.
Good luck!
Regards,
Matt Goddard
Security Information Team
Schneider National, Inc.
"To find out what one is fitted to do and to secure an opportunity to do so
is the key to happiness."
|---------+-------------------------------------------->
| | Chris Jenkins |
| | <[EMAIL PROTECTED]> |
| | Sent by: Mailing list for |
| | discussion of Firewall-1 |
| | <[EMAIL PROTECTED]|
| | KPOINT.COM> |
| | |
| | |
| | 01/13/2005 12:08 PM |
| | Please respond to Mailing list |
| | for discussion of Firewall-1 |
|---------+-------------------------------------------->
>----------------------------------------------------------------------------------------------|
|
|
| To: [email protected]
|
| cc:
|
| Subject: [FW-1] Slow Throughput (Mismatched Interface?)
|
>----------------------------------------------------------------------------------------------|
Hi,
I'm trying to migrate our firewall systems to SecurePlatform. Our server
is
a Compaq server with 2x 733MHz Processors, 2x 1.8 GB HDs (Mirroring) and
1GB
RAM. I have the Splat NG AI installed with Check Point R55 HFA12. Thing
is, I'm getting really slow responses when I try to browse websites through
the firewall. Someone suggested that this may be caused by a setting
mismatch between the firewall and switch. Checks indeed show that the
switch interfaces are set to 100BaseTx, Full Duplex, while the firewall is
set to 100baseTx, Half Duplex. However, when I change the interface
setting
on the firewall (using the mii-tool utility) to match that of the switch, I
can no longer "see" the network.
My questions therefore are:
1. Is the mii-tool appropriate for doing what I'm trying to do?
2. Could this interface mismatch actually be slowing the traffic
throughput?
3. Is there anything else I need to check to resolve this issue (kernel
parameters perhaps)?
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
