NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] browsing too slow



I do not, and never have, set up my firewall to see a DNS server.  I will
admit I don't use domain objects, but that is another issue.  I do use the
security servers and have never had a problem not listing a DNS server on my
gateways.

Steve Schuster, CCSE, CCNA
Midwest ISO
Security Analyst



-----Original Message-----
From: Sumash Singh [mailto:[email protected]]
Sent: Wednesday, February 14, 2001 11:57 AM
To: 'Dickson, Peter '; FW1-mail (E-mail)
Subject: RE: [FW1] browsing too slow



Peter,

I think you are right. If i edit my /etc/resolv.conf file and remove the
forwarding dns servers, then my client browsers cannot resolv the http
names. let me expand. My client pc is setup to do internal dns queries via
an internal dns server but when i want to browse, i use the "http proxy"
feature from fw1. if i diable dns on fw1 by hashing the nameserver entry on
solaris and removing the dns word from /etc/nsswitch.conf, then i cannot
browse from my client machine. 

The issue is that I want to see what kind of DNS queries my fw1 is doing,
whether it is overworked or something like that, maybe by having the ability
to see how many active http sessions are open with the fw1 will help. Any
more thoughts.???

Thanx 

Sumash

-----Original Message-----
From: Dickson, Peter [mailto:[email protected]]
Sent: 14 February 2001 05:44
To: 'Steven Schuster'; 'Sumash Singh'; FW1-mail (E-mail)
Subject: RE: [FW1] browsing too slow



Don't do it !!!

if you have rules that contain domains they NEED to do DNS lookups.

Also if you use the security servers on the firewall they also require DNS.


	regards

PD
> -----Original Message-----
> From:	Steven Schuster [SMTP:[email protected]]
> Sent:	Wednesday, February 14, 2001 2:38 PM
> To:	'Sumash Singh'; FW1-mail (E-mail)
> Subject:	RE: [FW1] browsing too slow
> 
> ***** This message originated from outside the AA *****
> 
> 
> Disable DNS on your FW gateways.  What you are most likely experiencing is
> a
> DNS timeout on your firewall, not your client.  
> 
> Steve Schuster, CCSE, CCNA
> Midwest ISO
> Security Analyst
> 
> -----Original Message-----
> From: Sumash Singh [mailto:[email protected]]
> Sent: Wednesday, February 14, 2001 1:54 AM
> To: FW1-mail (E-mail)
> Subject: [FW1] browsing too slow
> 
> 
> 
> Hey all,
> 
> I have a very strange issue that I would like to run past you all. Abt 2
> weeks ago, we noticed that the internet browsing on PC's started to take
> extremely slow. I fire up my browser and type in a URL like www.sun.com
> The
> PC waits and waits and after abt 25-30 secs, just then seems to fly
> through
> the loading of the page. I initially thought that this was a DNS problem.
> But if I do a nslookup from the fw, it returns the IP address immediately.
> This only happens with http though. Any ideas or has anyone experienced
> the
> same b4
> 
> Thanx all
> 
> Sumash
> 
> 
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager at [email protected].
> **********************************************************************
> 
> 
> ==========================================================================
> ==
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ==
> ====
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager at [email protected].
**********************************************************************


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.