Website is slow when put behind vm-series 300

cancel
Showing results for 
Search instead for 
Did you mean: 

Website is slow when put behind vm-series 300

L1 Bithead

We have deployed vm-series 300 in AWS recently and put our production site behind it, but we are seeing a performance degradation, the website is taking around 2-3 mins to load for the first time which normally it didnt take, we have not put any url filtering profiles yet but yes we do have some security and nat profiles in place(which normal I believe), I just wanted to understand what could be the reason for the slowness and what all things can be checked in PA to troubleshoot.

 

PS: I am attaching a screenshot of developers tool console to show time it takes for the page to load first timeScreenshot 2021-04-12 at 11.29.58 PM.png

14 REPLIES 14

L3 Networker

Hi Tariq87, 

Can you please open a support case so we can look into this issue and help to troubleshoot it further?
 
Thank you.

L3 Networker
Hi Tariq87,
Can you please open a support case so we can look into this issue and help
to troubleshoot it further?

L2 Linker

How are you directing traffic to the firewalls?  If you are using an ALB/NLB, ensure that your routing allows the firewalls to communicate with all of the LB Subnets via the same interface that is specified in the Target Group.   Similar question on the backend.  If the application is deployed across multiple subnets, ensure the firewall can route to all of the backend subnets via the SNAT interface.

Yes, we are using NLB, which is deployed in 2 subnets across 2 az's, the backed firewalls are also in the same AZ's. The backend to the firewall is an Haproxy which are also spread across the same az's.

What else can I check?

There is a very good chance that your external interface cannot route to the NLB subnet in the other zone or that your Trust side interface cannot route to the other zone.  If you can post your subnet lists and your firewall VR "More Runtime Stats", we may be able to see the issue.  

 

Also watch that you do not have "Automatically create default route pointing to default gateway provided by server" enabled on both of your interfaces.

I am sure of the second point you have mentioned, no we did not do that.

For the first, I'll check and get back to u

How can I do that?

@Tariq87 

see below on the picture. You have to make sure that on the interface on the firewall are you not select "Automatically create default route....."

Screenshot 2021-04-13 at 05.02.25.png

Yes, we have not selected this for the trust interface

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!