The graphic attached does a good job of explaining my issue. We have a Juniper SSG5 router segregating our networks, but occasionally we need to copy files from Zone 3 to Zone 1 (our main Trust Zone) -- See the graphic to tell where the zones are. Notice the Trust Zone is 3 Ethernet ports configured as a "BGroup" or "Bridge Group" (they act like a Layer 2 switch). When we attempt this copy, it consistently copies across around 64 KBps (512 Kbps), which is extremely slow. We have a mixed switch environment, but I narrowed the issue down to the Juniper by using two laptops as shown in the image; When both are on ports in the same BGroup0, file copies fly. But when the only thing I change is moving one laptop to the last port my speed drops drastically.
We have no traffic shaping of any kind set. The only firewall policies are to let any service travel between the two zones (e.g. Permit ANY ANY). The zones are part of the same virtual router, so the one big difference between file copies is that traffic is fast when it's only switched, but when it's slow it's actually being routed, and they are on different subnets [192.168.16.x vs 10.2.2.x]. But it shouldn't be that slow! I've tried with the Juniper port settings at Auto-Negotiate and also manually at 100Mb/Full-Duplex, but neither had an effect. Also, Deep Inspection is off.
We have a spare SSG5 and swapped out the hardware, and even upgraded the firmware. No effect.
My second diagram is more extensive, and shows the speeds of laptops placed throughout the network, and after I took Port 0/4 away from BGroup0 and added it (and Port 0/6) to BGroup1, which has Zone 3 policy applied.
I'm not sure what else to let you know; I've scoured the Juniper web config and almost anything to do with traffic shaping or priority or Class-Of-Service is all disabled. I tested enabling it and raising priority for Zone 3 traffic but it didn't help at all. This is driving me crazy. Any helpful suggestions are appreciated.
#routing#ssg5#Slow#SSG5#SSG#speed#VirtualRouter