Results 1 to 2 of 2
  1. #1
    Master Untangler
    Join Date
    Dec 2008
    Location
    Greater Omaha Area
    Posts
    253

    Default FTP Performance Issue

    A computer software firm whom is a client of mine is having performance issues with their software package doing FTP transfers running through Untangle. We have tested with and without Untangle and also with other protocols with Untangle. Essentially, with FTP we are seeing less than 1/10th of the performance compared to STPS and HTTPS transfers with the same configuration.

    They have 3 NIC's, External, DMZ and Internal, standard installation with Port Forwarding going to the DMZ machine and a Firewall rule blocking any DMZ access to the Internal machines (manually added). Both Internal and DMZ have full access to the External interface (by default) and the Internal machines are able to establish connections to the DMZ machine (by default).

    With SFTP and HTTPS transfers, a connection request is made from an external client, the request is routed to the DMZ that has an established connection from the internal server. We are consistently seeing around 3Mbps or more transfers with both SFTP and HTTPS.

    With FTP transfers, a connection request is made from an external client, the request is routed to the DMZ that has an established connection from the internal FTP server. All FTP commands are sent back and forth on this control connection.

    However, all transfers are done on a secondary data connection (for uploads, downloads, and directory listings) which is established from the internal FTP server to the external FTP client. We are seeing sub-400Kbps transfers.

    Any ideas on what to test or reconfigure on this?

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,024

    Default

    Bypass the traffic, if you trust it. Or upgrade the Untangle hardware, you didn't give it enough. Unencrypted FTP is processed by the AV module just like a file download is via HTTP. The virus blocker gets in the way and causes the performance problem. If you turn off the AV module you can see the speed come back. You can also disable FTP processing in the AV module.

    Choose your poison but performance issues generally indicate deficient hardware.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2