Announcement

Collapse
No announcement yet.

Website in DMZ slow when using port 80 but ok when moved to internal or use HTTPS

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Website in DMZ slow when using port 80 but ok when moved to internal or use HTTPS

    Hi all

    The subject doesn't tell the whole story so ill try to explain:

    Windows Server 2003 Server running IIS serving a website which is in a DMZ. It connects to a database server (MS SQL 2005) on the internal network. The website is slow to users using IE7+ on the internal network when using unsecured access (port 80/HTTP). However it is much faster to users connecting from the internet or if internal users use HTTPS.

    Move the server to the Internal network and everyone runs much faster with unsecured access (HTTP/80).

    Move back to the DMZ and slow again with HTTP/80 but ok with HTTPS.

    We have recently moved from a Cisco PIX to an ASA if that makes any difference.

    Thanks in advance!!!
    Server 2000 MCP
    Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

  • #2
    Re: Website in DMZ slow when using port 80 but ok when moved to internal or use HTTPS

    I am pretty sure there may be some bandwidth throttling on that DMZ port, can you verify that your port speed for that DMZ link is set to 100/1000mbit/sec?

    Jordan
    Jordan

    IT Pro Evangelist
    (MICROSOFT-NORTEL-CISCO-ZYXEL)

    Comment


    • #3
      Re: Website in DMZ slow when using port 80 but ok when moved to internal or use HTTPS

      Hi Jordan

      Thanks for the reply. The port is running at 100MB as it goes into a Switch then into the DMZ port on the firewall. I can see what you are getting at but wouldn't it affect external access aswell as internal if this wa the case?
      Server 2000 MCP
      Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

      Comment


      • #4
        Re: Website in DMZ slow when using port 80 but ok when moved to internal or use HTTPS

        For port speeds yes, but I am not sure if the ASA has different conditions on how it treats external & internal traffic, check that out and get back to me. Thanks


        Jordan
        Jordan

        IT Pro Evangelist
        (MICROSOFT-NORTEL-CISCO-ZYXEL)

        Comment


        • #5
          Re: Website in DMZ slow when using port 80 but ok when moved to internal or use HTTPS

          Hmmm for me it sounds like that the inspection causes delays since HTTPS can't be inspected due to encryption.
          What version of the ASA software are you running?
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: Website in DMZ slow when using port 80 but ok when moved to internal or use HTTPS

            The config says: ASA Version 8.2(1)
            Server 2000 MCP
            Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

            ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

            Comment

            Working...
            X