Lauren, What you are describing sounds similar to a problem we have seen with devices that have autosensing NICs but do not always autosense correctly. When this happens the speeds are usually o.k. between the device and a hub or a switch but the duplex setting is incorrect. Low volume traffic such a pings works fine but higher volume traffic slows down a bunch due to collisions and retransmissions. Something to consider.
Good luck, Loren Wagner ----- Original Message ----- From: "Lauren Horn" <[EMAIL PROTECTED]> To: "Firewalls List" <[EMAIL PROTECTED]> Sent: Wednesday, December 12, 2001 7:24 PM Subject: NetGear FR314/PPPoE possible routing problem > A client of mine must get his broadband connection via DSL from a > particular ISP (Whose staff, I'll say at the start, have been > unfailingly pleasant to deal with but who admit to having no idea > what's wrong.) > > The client wants a stateful packet inspection (hereinafter STPI) > firewall rather than a simple NAT box, and we have tried two: the > SOHOware NBG800 and the NetGear FR314. The SOHOware unit was knocked > out due (the ISP says) to an incompatible and non-adjustable MTU. The > NetGear unit almost works, and that's where it gets interesting. > > The problem in a nutshell: > > With the firewall in place, some web sites won't load, or rather load > so slowly that something times out before they complete. With the DSL > modem connected directly to the client's PC, the sites load fine. > > It seems that either the NetGear box has a suble routing problem that > occurs only when it is hooked to a PPPoE ISP, or the ISP has a sutble > problem, perhaps with STPI firewalls, that they can't figure out. > > The details: > > FWIW I have tried Both IE5x and Netscape 4.7x browsers. A few sites > are marginal, and work intermittently with the firewall in place. > (DSLreports, for example.) > > A perfect example of the problem is found in the ISP/phone company's > own web pages. www.acsalaska.com comes up fine, but (with the > firewall in place) www.acsalaska.net does not. > > FWIW, I can ping sites that allow it to my heart's content, regardless > of whether the firewall is in place or not. The reply times were in > line with what I expect up here. > > This problem has been reproduced during three site visits on different > days. The ISP's and NetGear's techs thought there was something wrong > with the firewall itself. So I used the unit in my own network, which > uses a cable modem (non-PPPoE) for Internet access, and had no problem > with it. > > The only router/firewall supported by this ISP is a Nexland NAT-only > unit. One ISP tech said SonicWALL's firewalls will not work with > their service, but couldn't say why. That last piece of information > is my only lead, as I hear rumor that the FR314's firmware is licensed > from SonicWALL. > > I know of other STPI firewalls in the under-$200 range, but I want to > have some idea of what's wrong before the client buys another one. > > Well, I've tried to keep all this short, and I apologize for failing. > Does this problem ring any bells? > > -Lauren > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
