Perhaps your Firewall is responding ICMP Packet-Too-Big messages from your provider and/or transit systems. Or, perhaps is using a path-MTU-discovery mechanism. I'm somewhat surprised that the Sonicwall engineer hadn't seen MTU issues like this. They are very common with VPNs - and although that's not what you're dealing with here... the same principles apply.
Have you tried turning off/blocking ICMP at your outside interface (more than just Echo/Ping) to see if the problem goes away? Aaron T. Rohyans Senior Network Engineer CCIE #21945 DPSciences Corporation 7400 N. Shadeland Ave., Suite 245 Indianapolis, IN 46250 Office: (317) 348-0099 Fax: (317) 849-7134 arohy...@dpsciences.com<mailto:arohy...@dpsciences.com> http://www.dpsciences.com/ "I want an Anti-Virus system that sends Arnold back in time to kill the hacker as a small child before he invents the virus..." "There are 10 kinds of people in this world... those who can read binary, and those who can't" From: Lists - Level5 [mailto:li...@levelfive.us] Sent: Thursday, August 26, 2010 3:57 PM To: NT System Admin Issues Subject: RE: Bandwidth problems We have internal IPS/IDS, and mail filters already setup. We have tracked down the issue with Sonicwall today, apparently our MTU size is fluctuating. It was set to default 1492, I lowered it to 1404 and then this command : ping google.com -f -l 1400 worked just fine, however an hour later it would come back saying needed to fragment the packet, so now we are running with an MTU of 1360 or 1366 or something . Very odd problem, we are migrating away from the current provider and the powers that be are wondering if this is being done purposefully. Sonicwall engineer said he doesn't recall seeing an MTU size working for 10-15 mins then suddenly be too big. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, August 26, 2010 12:11 PM To: NT System Admin Issues Subject: Re: Bandwidth problems You don't NEED the security stuff? Can I ask why?!? ASB (My XeeSM Profile)<http://XeeSM.com/AndrewBaker> Exploiting Technology for Business Advantage... Signature powered by <http://www.wisestamp.com/email-install?utm_source=extension&utm_medium=email&utm_campaign=footer> WiseStamp<http://www.wisestamp.com/email-install?utm_source=extension&utm_medium=email&utm_campaign=footer> On Thu, Aug 26, 2010 at 11:38 AM, Lists - Level5 <li...@levelfive.us<mailto:li...@levelfive.us>> wrote: Rich, all the security stuff is disabled, we didn't need it anyway but I took it off as a precaution the other day. From: Richard Stovall [mailto:rich...@gmail.com<mailto:rich...@gmail.com>] Sent: Wednesday, August 25, 2010 12:19 PM To: NT System Admin Issues Subject: Re: Bandwidth problems Do you have any of the SonicWall security services or content filtering licensed and enabled? Have you cranked up alerting to tell you if the SonicWall might be blocking something because of one of those services? That 5500 should be powerful enough to handle quite a bit of throughput. On Wed, Aug 25, 2010 at 11:55 AM, Level 5 Lists <li...@levelfive.us<mailto:li...@levelfive.us>> wrote: I have been troubleshooting a bandwidth problem where connections are dropping. We ran some different tests like speedtest and pingtest as well as a trial of visualware. Everything points to tcp max delay (300ms) being a major issue and suggests packet loss. I have run some tracerts for the ISP and they say its not their side. I tend to believe them a little because if we unplug our Sonicwall and go directly the problem goes away. As a test I rolled out a new Sonicwall 5500, reconfigured it and the problem still exists. We are jumbo framed enabled internally, and our procurve mgmt software has some intermittent issues throughout the network but nothing specific. Does anyone have any good tools they could recommend to test internal connectivity, the few tools i see just test speed which seems to be running just fine (qcheck). Thx ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- You are currently subscribed to ntsysadmin as: arch...@mail-archive.com. To unsubscribe click here: http://lyris.sunbelt-software.com/u?id=8142875.a9cf90b99baa17cb4fcf8293a59eb3b1&n=T&l=ntsysadmin&o=9078340 or send a blank email to leave-9078340-8142875.a9cf90b99baa17cb4fcf8293a59eb...@lyris.sunbelt-software.com
<<inline: image001.jpg>>