Thanks for the advice - did sound promising. However disabling Path MTU-D
made no difference nor did enabling ICMP nor did reducing MTU.
Our setup uses Static NAT of DMZ servers to the outside; no NAT to the
inside. Internal machines going out use a hiding address. The problem is
specific to machines on the internal network i.e. machines accessing our FTP
server (on the DMZ) from outside can GET all files without a problem.
Internal machines experience download failures for _specific_ file downloads
from both the DMZ and Internet. Some files download without a problem. The
failure point is consistent e.g. 140K for HP's Jetdirect Admin. tool.
Any ideas would be appreciated...
TIA
Adrian Wilson
-----Original Message-----
From: Ing. Eduardo Frias T. [mailto:[EMAIL PROTECTED]]
Sent: 06 September 2000 17:11
To: Adrian Wilson
Cc: '[EMAIL PROTECTED]'
Subject: Re: [FW1] Bizarre FTP behaviour for some files
Check PATH-MTU Discovery with icmp filtering.
Probably that is the cause. If you are dropping icmp packets in your
router then surely that is the cause. Solution: Lower the MTU value.
Let me know if that helps you.
On Wed, 6 Sep 2000, Adrian Wilson wrote:
>
> Dear All,
>
> We are experiencing a very strange problem with FTP downloads. We are able
> to establish FTP connections with remote servers and initiate data
> downloads. However, certain files stall (sometimes continue
intermittantly)
> and the behaviour is repeatable. We tested this using our own FTP server
on
> our DMZ as follows:
>
> Establish control connection
> GET a 10Mb ZIP file - 15 seconds
> GET the same ZIP file - 15 seconds
> GET a 10Mb DOC file - 5 seconds of rapid download, then small bursts of
data
> transfer, then restarts, then stalls and connection is eventually lost
>
> This is absolutely consistent. The rule has been modified such that it is
> now INTERNAL ANY FTP ALLOW LOG (previously FTP was being scanned by ESPG).
> The log shows the connection being established and there are no drops.
>
> I am guessing that there is something in the data stream that is causing
> FW-1 problems but this is causing a great deal of difficulty. Users are
> complaining lots and I really need to find a solution. Any help would be
> much appreciated.
>
> Platform is Sun box running Solaris; FW-1 4.0 SP6.
>
> Regards,
> Adrian Wilson.
> Infrastructure Engineer
> VEGA Group
>
>
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
--
Eduardo Frias
[EMAIL PROTECTED]
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
