What's slowing things down? - more of a theory question...

If you were to suspect that your Firebox is slowing traffic down, how would you begin to diagnose the problem?
For example, how could you narrow down your diagnosis to a Firewall rule, a network config issue or Subscription Services?

The logs could show you anything which has been denied, but how can you identify bottlenecks?

Thanks.

David

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @David_UK

    A bit more of a complicated answer than you were likely looking for, but:
    It'll depend on what you mean by slow. There are quite a few problems that can be perceived that way.

    -Is the firebox capable of the speed that you're looking to achieve? (Check the datasheet for that firewall on watchguard.com) The IPS speed is a good reference starting point for traffic over a single packet filter out one interface and into another.

    -How is the traffic being slowed?
    --If it's due to dropped packets, do you see any packet drops or errors in the status report of the firewall?
    --If it's due to load, do you see the CPU or LOAD making it to 100?
    --If it's due to latency, are there any services being applied to that traffic that might be inducing it?

    If you need help determining any of that, I'd suggest a support case so one of our team can help work out how to fix your issue.

    -James Carson
    WatchGuard Customer Support

  • Hi James,
    Apologies for the delayed reply...
    Thanks for your help. In response:

    The Firebox capability/throughput isn't a concern, the spec is suitable for my use.

    Today, my 'theory question' is more practical. Wifi (WG AP) is working very well and providing great speed with the majority of devices... apart from one where web browsing (for example) is painfully slow.

    I'm going to delve into the data to see if I can identify anything using the pointers you mentioned.

    Thanks again.

    David

  • Hi David,

    I had an issue similar to yours, in that web browsing and the initial page loads would take forever. Converting the web rule from a proxy to a packet rule worked around it to let me know that it was something with the proxy.

    From there I disabled services one by one. It turned out to be the WebBlocker service. For some reason the latency to the WebBlocker cloud servers was over 300ms. Turning WebBlocker off fixed the issue.

    We ended up running our own on-prem WebBlocker, then after a few weeks the cloud service was fixed and we could go back to the cloud side (this was about 2 years ago now, haven't had this problem since). This was on an M270.

    On a T15 we had an issue in that too many users were behind the device which caused memory to peak around 90%, CPU to max out at 100% and the proxy services to crash. We were told 5 users which turned out to be 20. We were able to determine the processing limitation by looking at the Web Management Dashboard. From here we had to be selective with the services we were running. We upgraded them to a T40 and the issue went away.

    Hope this helps,
    Dave.
