ScreenOS Firewalls (NOT SRX)
Reply
Contributor
aweise
Posts: 36
Registered: ‎09-18-2009
0

Large file transfer through SSG20

We recently moved a Windows 2003 file server from a remote office to our central office. Users in the remote office then began having trouble open large, GIS-type files (mostly maps and similar files) from this server. This office was connected via a Netscreen-204 through a 100Mb ethernet circuit from our provider and the same provider gives us a 1Gb ethernet circuit in our central office.

 

The "WAN" interface (100Mb, full duplex) was taking some inbound errors and we had done some tests in the past that seemed to point to the 204 as a problem - CPU was also a little high, ranging from 20-40% utilization during business hours and spiking up to 80% when traffic jumped.

 

We replaced the 204 with an SSG20 (that's all we had in stock, no 204s were available) and the file transfers worsened about 3-fold. I understand the specs of the SSG20 would be smaller than the 204, but the number of sessions aren't coming close to the max of the SSG20, yet the CPU performance is similar to what we've always seen.

 

Is there something on the SSG20 that we can view to determine if it is having problems performing? There are no more interface errors and it looks as if the default interface MTU is correct (1500 bytes).

 

Distinguished Expert
firewall72
Posts: 825
Registered: ‎05-04-2008
0

Re: Large file transfer through SSG20

Hi,

 

I think your issue may be related to either PPS or Sessions.  The SSG20 High Memory can only support 16K sessions and 30K PPS.  The SSG20 is a low end box and it appears it may be over subscribed.  I've pasted some additional links below that may help.

 

http://forums.juniper.net/t5/ScreenOS-Firewalls-NOT-SRX/NS-25-Max-PPS/m-p/18475/highlight/true#M7996

 

http://kb.juniper.net/index?page=content&id=KB14737&actp=search&searchid=1279160009756

 

-John

John Judge
JNCIS-SEC, JNCIS-ENT,

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.