[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] browsing too slow
Set your internal DNS server up as caching only, and allow the DNS service one way straight through the firewall for the DNS server only ? ----- Original Message ----- From: Sumash Singh <[email protected]> To: 'Dickson, Peter ' <[email protected]>; FW1-mail (E-mail) <[email protected]> Sent: 14 February 2001 16:57 Subject: RE: [FW1] browsing too slow > > Peter, > > I think you are right. If i edit my /etc/resolv.conf file and remove the > forwarding dns servers, then my client browsers cannot resolv the http > names. let me expand. My client pc is setup to do internal dns queries via > an internal dns server but when i want to browse, i use the "http proxy" > feature from fw1. if i diable dns on fw1 by hashing the nameserver entry on > solaris and removing the dns word from /etc/nsswitch.conf, then i cannot > browse from my client machine. > > The issue is that I want to see what kind of DNS queries my fw1 is doing, > whether it is overworked or something like that, maybe by having the ability > to see how many active http sessions are open with the fw1 will help. Any > more thoughts.??? > > Thanx > > Sumash > > -----Original Message----- > From: Dickson, Peter [mailto:[email protected]] > Sent: 14 February 2001 05:44 > To: 'Steven Schuster'; 'Sumash Singh'; FW1-mail (E-mail) > Subject: RE: [FW1] browsing too slow > > > > Don't do it !!! > > if you have rules that contain domains they NEED to do DNS lookups. > > Also if you use the security servers on the firewall they also require DNS. > > > regards > > PD > > -----Original Message----- > > From: Steven Schuster [SMTP:[email protected]] > > Sent: Wednesday, February 14, 2001 2:38 PM > > To: 'Sumash Singh'; FW1-mail (E-mail) > > Subject: RE: [FW1] browsing too slow > > > > ***** This message originated from outside the AA ***** > > > > > > Disable DNS on your FW gateways. What you are most likely experiencing is > > a > > DNS timeout on your firewall, not your client. > > > > Steve Schuster, CCSE, CCNA > > Midwest ISO > > Security Analyst > > > > -----Original Message----- > > From: Sumash Singh [mailto:[email protected]] > > Sent: Wednesday, February 14, 2001 1:54 AM > > To: FW1-mail (E-mail) > > Subject: [FW1] browsing too slow > > > > > > > > Hey all, > > > > I have a very strange issue that I would like to run past you all. Abt 2 > > weeks ago, we noticed that the internet browsing on PC's started to take > > extremely slow. I fire up my browser and type in a URL like www.sun.com > > The > > PC waits and waits and after abt 25-30 secs, just then seems to fly > > through > > the loading of the page. I initially thought that this was a DNS problem. > > But if I do a nslookup from the fw, it returns the IP address immediately. > > This only happens with http though. Any ideas or has anyone experienced > > the > > same b4 > > > > Thanx all > > > > Sumash > > > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager at [email protected]. > > ********************************************************************** > > > > > > ========================================================================== > > == > > ==== > > To unsubscribe from this mailing list, please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ========================================================================== > > == > > ==== > > > > > > ========================================================================== > > ====== > > To unsubscribe from this mailing list, please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ========================================================================== > > ====== > > > ********************************************************************** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager at [email protected]. > ********************************************************************** > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|