Slow FTP downloads from behind PIX

["Darren Maskowitz" <squitz () gmail com>]

I'm having some issues with FTP traffic through our Cisco PIX 515E.
Our corporate FTP server is located outside the firewall, and we
recently upgraded the FTP server software. This resulted a noticeable
increase in the speed uploading files to the server (5 MB/s+). However
when attempts were made to download files from the server speeds
average about 300 KB/s, rapidly fluctuating between 30KB/s and 600
KB/s. Downloading the same file to a server outside our firewall
resulted in speeds of about 6MB/s.

Looking at the firewall: the default inspection scheme is enabled, and
the FTP inspection is turned on. The FTP server requires active
transfer mode, and everything works, albeit slowly. After turning off
FTP inspection connections to the FTP server did not work until
enabling passive mode, but that didn't change the speeds at all.

I should probably also mention that the PIX is not doing any NAT. All
the workstations and servers here have Internet routable IP addresses
(206.75.x.x).

Any suggestions?

Thanks,
Darren
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards