Greetings!
William J Husler wrote:
> I checked. We have two processors and 1GB RAM in this box. SAR indicates
> that we are using 60% or less, but throughput still sucks and we have
> occasional packet loss. The packet loss is not predictable or reliably
> reproducible. None of our other firewalls are exhibiting these problems, but
> then each firewall implementation serves a different purpose. The problem
> box is one of two similarly configured boxes that we have tried for this
> implementation. Both exhibit the same problem.
> Bill
Maybe the problem is not the firewall but the surrounding network? You should check
network utilization (esp. collisions and drops) on each of the interfaces plus
appended routers/switches/hubs. We once had "bad throughput" through "the firewall"
though the firewall was (nearly) idling. Later we discovered, that one of the
attached routers ("high performance, no problems there, trust me...") only had
10MBit/s half-duplex on its high-load network interface. This drove the ethernet
collision rate to well above 70% - and throughput to near zero.
Bye
Volker
begin:vcard
n:Tanger;Volker
tel;fax:+49 - 69 - 92901-213
tel;work:+49 - 69 - 92901-570
x-mozilla-html:FALSE
url:http://www.res.globalone.net/
org:Global One;Global Project Engineering
version:2.1
email;internet:[EMAIL PROTECTED]
title:Sr. Security Engineer
adr;quoted-printable:;;Stiftstrasse 23=0D=0A;Frankfurt;;60313;Germany
note;quoted-printable:Room 608=0D=0A
fn:Volker Tanger
end:vcard
