High latency problem

Occasionally our WatchGuard firewall's (M470, firmware 12.7.2) responses are really slow; e.g. ping replies are over 2000ms for an extended period of time (usually they are around 40ms). Even our connection to FSM drops sometimes. There are no issues at the network level.

If the CPU utilization and free memory don't change during this time, and if it is not a bandwidth issue, what can it be?

The only policy I suspect is our DNS proxy, but CPU utilization always stays under 10%, so the firewall doesn't seem to be overloaded.

Thanks.

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @efes9999
    The first thing I'd suggest checking is if the firewall is responding to the pings in a reasonable amount of time from when it receives them.

    You can use the TCPDUMP tool to determine how many ms the firewall is taking to actually reply from when it receives the request.

    See:
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/fsm/log_message_learn_more_wsm.html

    Using the tcpdump option, with advanced options checked, you can use an argument like:
    -i eth1 host 10.0.1.2 and icmp
    To narrow down the traffic to just the host you're sending pings from, and just icmp traffic. Change "eth1" to the interface it's arriving on, and the IP to the IP you are pinging from.

    -James Carson
    WatchGuard Customer Support
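
Added example (not part of the original posts, and not WatchGuard code): a Python sketch that pairs ICMP echo requests with their replies in tcpdump text output and reports how long the firewall took to answer each one. The sample capture is constructed, the firewall address 10.0.1.1 is an assumption, and the line format assumed is standard tcpdump text output.

```python
import re
from datetime import datetime, timedelta

# Constructed tcpdump text output (not from the thread). 10.0.1.2 is the pinging
# host used in the post; 10.0.1.1 as the firewall address is an assumption.
SAMPLE = """\
10:15:01.000120 IP 10.0.1.2 > 10.0.1.1: ICMP echo request, id 7, seq 1, length 64
10:15:01.000310 IP 10.0.1.1 > 10.0.1.2: ICMP echo reply, id 7, seq 1, length 64
10:15:02.001050 IP 10.0.1.2 > 10.0.1.1: ICMP echo request, id 7, seq 2, length 64
10:15:03.002000 IP 10.0.1.2 > 10.0.1.1: ICMP echo request, id 7, seq 3, length 64
10:15:04.151050 IP 10.0.1.1 > 10.0.1.2: ICMP echo reply, id 7, seq 2, length 64
"""

LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): "
    r"ICMP echo (request|reply), id (\d+), seq (\d+)"
)

def reply_delays(capture):
    """Return ({(id, seq): delay_ms}, [unanswered (id, seq)]) for a capture."""
    pending, delays = {}, {}
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not an ICMP echo line
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        src, dst, kind = m.group(2), m.group(3), m.group(4)
        ident, seq = int(m.group(5)), int(m.group(6))
        if kind == "request":
            pending[(src, ident, seq)] = ts
            continue
        # A reply matches the request sent by its destination host.
        sent = pending.pop((dst, ident, seq), None)
        if sent is None:
            continue  # reply whose request was not captured
        delta = ts - sent
        if delta < timedelta(0):
            delta += timedelta(days=1)  # capture crossed midnight
        delays[(ident, seq)] = delta // timedelta(microseconds=1) / 1000
    unanswered = sorted((i, s) for (_, i, s) in pending)
    return delays, unanswered

if __name__ == "__main__":
    delays, unanswered = reply_delays(SAMPLE)
    for (ident, seq), ms in sorted(delays.items()):
        print(f"id={ident} seq={seq} firewall reply delay: {ms:.3f} ms")
    print("no reply captured for:", unanswered)
```

A small delay here while the client still sees slow pings means the time is being spent before the request reaches the firewall or after the reply leaves it.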

  • Thanks James. I was able to analyze the incoming WatchGuard traffic using a network analyzer (netflow), and was able to find the source IP causing the issues. According to one of our clients' provider, it is most likely a rogue switch in a loop multiplying the traffic sent to the firewall.