Performance issues - slow packet filter

pacificadminpacificadmin
in Firebox - Networking, Multi-Wan, VLAN, NAT, SD-WAN

XTM505
11.4.2

I noticed some download performance issues (HTTP and FTP) on a server that's in the DMZ segment. Putting all other testing aside, I'm focusing on just FTP traffic at the moment. What I find very strange is that a basic FTP packet filter rule is under performing an FTP proxy rule.

Downloads to an external client through the FTP proxy are about 1200 KB/s. Through the FTP packet filter I can only get 120 KB/s.

I've checked all bandwidth limiting settings that I can think of and everything appears to be configured correctly. Any ideas why this packet filter would be so slow?

Comments

  • luca_burattiluca_buratti

    I confirm now Proxy is faster than Pf ...

  • james.carsonjames.carson Moderator, WatchGuard Representative

    For FTP, the connection tracking portion of the proxy could be correcting some port/address translation issues which may account for the speeds.

    If you're using a packet filter, ensure that you're using the special FTP type, and not an Any packet filter, as this won't track the connections for FTP properly.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.