We have a customer sending a large volume of mail over an ISAKMP VPN.
They are only seeing 16kb/sec throughput.  Logs look good.  vmstat on
both FW's (running Solaris FW1 4.1 bld 41489) shows 50-70% idle on more
loaded fw, 90% idle on other.

The only firewall related issue I could think of could be excessive
fragmentation due to encapsulation.  This raises 2 questions:

1.   How much under the minimum MTU in the route should I set the
firewall's MTU to prevent this?

2.   What should I grep for when snooping to see if there are excessive
requests to fragment?

Any other suggestions to TS will be greatly appreciated!  I don't think
the problem lies in the FW's but it is hard to show since when they use
the existing F-R net they don't have the problem.

-PaulK


