|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] browsing too slow
I believe that the definitive question depends on how you choose to implement the security server/proxy access. Firewall-1 will work fine without needing dns search capabilities as long as you use transparent access. If you configure your browser to use proxy firewall:80, then the firewall will be required to resolve the ip address. Otherwise, the client pc will resolve, and by logging the rule, you will notice that the actual request is http://ipaddress/further details. Cheers, CryptoTech Steven Schuster wrote: > I do not, and never have, set up my firewall to see a DNS server. I will > admit I don't use domain objects, but that is another issue. I do use the > security servers and have never had a problem not listing a DNS server on my > gateways. > > Steve Schuster, CCSE, CCNA > Midwest ISO > Security Analyst > > -----Original Message----- > From: Sumash Singh [mailto:[email protected]] > Sent: Wednesday, February 14, 2001 11:57 AM > To: 'Dickson, Peter '; FW1-mail (E-mail) > Subject: RE: [FW1] browsing too slow > > Peter, > > I think you are right. If i edit my /etc/resolv.conf file and remove the > forwarding dns servers, then my client browsers cannot resolv the http > names. let me expand. My client pc is setup to do internal dns queries via > an internal dns server but when i want to browse, i use the "http proxy" > feature from fw1. if i diable dns on fw1 by hashing the nameserver entry on > solaris and removing the dns word from /etc/nsswitch.conf, then i cannot > browse from my client machine. > > The issue is that I want to see what kind of DNS queries my fw1 is doing, > whether it is overworked or something like that, maybe by having the ability > to see how many active http sessions are open with the fw1 will help. Any > more thoughts.??? > > Thanx > > Sumash > > -----Original Message----- > From: Dickson, Peter [mailto:[email protected]] > Sent: 14 February 2001 05:44 > To: 'Steven Schuster'; 'Sumash Singh'; FW1-mail (E-mail) > Subject: RE: [FW1] browsing too slow > > Don't do it !!! > > if you have rules that contain domains they NEED to do DNS lookups. > > Also if you use the security servers on the firewall they also require DNS. > > regards > > PD > > -----Original Message----- > > From: Steven Schuster [SMTP:[email protected]] > > Sent: Wednesday, February 14, 2001 2:38 PM > > To: 'Sumash Singh'; FW1-mail (E-mail) > > Subject: RE: [FW1] browsing too slow > > > > ***** This message originated from outside the AA ***** > > > > > > Disable DNS on your FW gateways. What you are most likely experiencing is > > a > > DNS timeout on your firewall, not your client. > > > > Steve Schuster, CCSE, CCNA > > Midwest ISO > > Security Analyst > > > > -----Original Message----- > > From: Sumash Singh [mailto:[email protected]] > > Sent: Wednesday, February 14, 2001 1:54 AM > > To: FW1-mail (E-mail) > > Subject: [FW1] browsing too slow > > > > > > > > Hey all, > > > > I have a very strange issue that I would like to run past you all. Abt 2 > > weeks ago, we noticed that the internet browsing on PC's started to take > > extremely slow. I fire up my browser and type in a URL like www.sun.com > > The > > PC waits and waits and after abt 25-30 secs, just then seems to fly > > through > > the loading of the page. I initially thought that this was a DNS problem. > > But if I do a nslookup from the fw, it returns the IP address immediately. > > This only happens with http though. Any ideas or has anyone experienced > > the > > same b4 > > > > Thanx all > > > > Sumash > > > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager at [email protected]. > > ********************************************************************** > > > > > > ========================================================================== > > == > > ==== > > To unsubscribe from this mailing list, please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ========================================================================== > > == > > ==== > > > > > > ========================================================================== > > ====== > > To unsubscribe from this mailing list, please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ========================================================================== > > ====== > > ********************************************************************** > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager at [email protected]. > ********************************************************************** > > ============================================================================ > ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > ==== > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
