VPN-1 Edge Latency Problem - Firewalls

This is a discussion on VPN-1 Edge Latency Problem - Firewalls ; My government agency has been working on a Checkpoint FW-1 deployment that involves 35+ remote sites with Sofaware VPN-1 Edge devices. These sites have broadband Internet via either DSL or Cable, and are linked back to the FW-1 with a ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: VPN-1 Edge Latency Problem

  1. VPN-1 Edge Latency Problem

    My government agency has been working on a Checkpoint FW-1 deployment
    that involves 35+ remote sites with Sofaware VPN-1 Edge devices.
    These sites have broadband Internet via either DSL or Cable, and are
    linked back to the FW-1 with a AES/SHA-1 tunnel. The pipe at the main
    site where the FW-1 sits is a DS3 with 10Mbs. Here's the issue. We
    see problems with domain logon and accessing shared resources from
    time to time. Originally, it was though to be a DNS issue, but we
    have found a consistent latency issue at the sites. Pinging a host on
    the WAN from any PC at a site produces a time-out or 3000-4500ms
    response on the first reply, and the next three are normal 20-30ms.
    Ping again right after and all four are normal. If you wait exactly
    30secs and ping the second time, back to a long delay or no response
    on the first ping. The tunnel is always up from what we can see. Any
    thoughts on what might be happening on this 30-second interval that
    causes the intial latency. Note that if you establish a connection to
    a remote device that produces regular bi-directional traffic, you
    STILL see the latency issue on the first attemp to connect from the
    same PC. Help.

    Dan Ingling
    County of Burlington, NJ

  2. Re: VPN-1 Edge Latency Problem


    "Dan Ingling" wrote in message
    news:9fa6e4c0.0411110332.71f24ecc@posting.google.c om...
    > My government agency has been working on a Checkpoint FW-1 deployment
    > that involves 35+ remote sites with Sofaware VPN-1 Edge devices.
    > These sites have broadband Internet via either DSL or Cable, and are
    > linked back to the FW-1 with a AES/SHA-1 tunnel. The pipe at the main
    > site where the FW-1 sits is a DS3 with 10Mbs. Here's the issue. We
    > see problems with domain logon and accessing shared resources from
    > time to time. Originally, it was though to be a DNS issue, but we
    > have found a consistent latency issue at the sites. Pinging a host on
    > the WAN from any PC at a site produces a time-out or 3000-4500ms
    > response on the first reply, and the next three are normal 20-30ms.
    > Ping again right after and all four are normal. If you wait exactly
    > 30secs and ping the second time, back to a long delay or no response
    > on the first ping. The tunnel is always up from what we can see. Any
    > thoughts on what might be happening on this 30-second interval that
    > causes the intial latency. Note that if you establish a connection to
    > a remote device that produces regular bi-directional traffic, you
    > STILL see the latency issue on the first attemp to connect from the
    > same PC. Help.
    >
    > Dan Ingling
    > County of Burlington, NJ


    We have had exactly the same problem. This should be fixed in firmware
    version 4.5.57.

    http://sofaware.infopop.cc/eve/ubb.x...1&m=9671013161

    Chris.



+ Reply to Thread