I'm facing issue with an embedded device webpage. Webpage of the device works fine when used directly in local intranet but when its behind one corporate firewall it becomes extensively slow. When i wireshark the packets i found
Please help me with this i'm trying to figure this out..any help will be greatly appreciated. Please let me know if you need wireshark captures on both ends i have captured at both ends in parallel
asked 12 Feb '14, 05:26
edited 12 Feb '14, 06:20
Kurt Knochner ♦
well, that's a first sign for the source of the problem ;-) If it's a firewall with content inspection for HTTP (AV, URL filter, etc.), it's absolutely 'normal' that the access through the firewall is slower than in the local network. How much slower, depends on the capacity of the firewall, the firewall configuration, etc.
that's the second sign for the source of the problem. Either there is a transparent proxy on the firewall (see content inspection above) or the port change is the result of a NAT operation. But then you should see a different source IP as well.
hard to answer. It depends who sets the ECN flag. If it's the client (browser), it would be kind of strange. If it's the firewall (or a QoS or WAN acceleration device), I would understand it for certain conditions.
Sure. Every proxy will slow down the connection, compared to a direct local access, as the proxy might also have content inspection (AV, URL filtering) enabled, which obviously costs some time to perform. How much time it costs, depends on the capacity of the proxy, the proxy configuration and where the proxy is placed in your network.
Go ahead and post them somewhere (google drive, dropbox, cloudshark).
However, based on your description and my experience, I recommend to talk to the firewall/proxy admins how to solve the problem by configuring exceptions for your web gui access.
answered 13 Feb '14, 14:55
Kurt Knochner ♦
The ip addresses 126.96.36.199/5 are actually a NAT devices. In this trace there are at least two different clients coming from the same NATed IP address.
As for the 'extensively slow' problem: You don't support window-scaling in your SYN_ACKs which over long latency connections will be causing performance degradation as the advertized windowsizes will never exceed 64k.
answered 13 Feb '14, 22:43