hi,
i have a ASG installed as virtual appliance on vmware esxi. Version 8.200. 2NICs, Internet and DMZ.
I have a web server wich is on DMZ network. Surfing the web from this machine via the ASG is not as fast but normal.
I have set up a DNAT rule to publish this web server on the Internet. From a totally independent internet connection i try to surf it and is very slow (meaning 5 minutes for downloading a phpinfo() page).
The web server is ok, if i give it a nic on the public network surfing is fast.
For a comparison i have set up a linux machine with iptables, added a Port Forwarding rule for publishing the web server and the behaviour is the same.
On this machine i have run tcpdump and seen this message
"fw01.mon.local > web01.mon.local: ICMP fw01.mon.local unreachable - need to frag (mtu 1500), length 556"
trying to decrease the MTU on the internet NIC to 500 "solved" the issue.
Doing the same on the ASG NICs did not changed anything.
I'm reporting this to give more details on my issue.
Guest User!
You are not Sophos Staff.
