[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Missing websites (Part II)
that explanation makes sense. does anyone know how to disable dns cacheing on firewall-1? > Jean-Pierre Harvey wrote: > > Jerry, > > We have similar problems attempting to stream Real Media through a > proxy from Akamai. This is what happens to us: Because Akamai uses DNS > round robin as a form of load balancing, the proxy server (perhaps > FW-1 in your case) caches the DNS entry, and actually performs the > round robin as well. A normal request without a proxy just sends all > packets to one IP address. Since the proxy is performing the round > robin, it effectively sends part one of the request to one server and > the second part of the request to the next server in the round-robin > configuration. Naturally since the second server has never received > the second packet the packet is dropped. > > This may not be your problem. Akamai recommend disabling DNS caching > on the proxy if this is the case (we have not done so). It might be > worth checking those other urls that do not work and seeing if they > are also part of a round robin configuration. Our proxy server works > fine with web content that runs off dns round robin, and so does > Windows Media, just not Real from Akamai. It might be worth disabling > DNS caching on the FW and seeing if that resolves the issue. > > Hope that helps. > > JP > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: Friday, May 18, 2001 1:14 AM > To: [email protected] > Subject: [FW1] Missing websites (Part II) > > I'm still having trouble accessing various websites from behind my CP > 4.1(Nokia) SP1 firewall. > I am using it as a proxy for users to authenticate going out. Certain > > websites fail to come back. > The firewall reports that it can't find the server. I can ping and > tracert > the sites but the browser won't > work. If I turn off the proxy, I can most likely get to the site. > One > thing I noticed, a lot of the sites > in question use akamai.net as a host or service site. Could this have > > anything to do with the problems? > Has anyone had anyother problems with CP proxy? > > Jerry Atchley > > Sr. Network Security Administrator > RCI Global Technology Group/Security Ops > RCI, LLC >> > The sender believes that this E-mail and any attachments were free of > any > virus, worm, or Trojan horse when sent. > This message and its attachments could have been infected during > transmission. By reading the message and opening > any attachments, the recipient accepts full responsibility for taking > remedial action about viruses and other defects. > Cendant/RCI is not liable for any loss or damage arising in any way > from > this message or its attachment. > > "The sender believes that this E-mail and any attachments were free of > any > virus, worm, or Trojan Horse when sent. This message and its > attachments > could have been infected during transmission. By reading the message > and > opening any attachments, the recipient accepts full responsibility for > > taking remedial action about viruses and other defects. Cendant/RCI > is not liable for any loss or damage arising in any way from this > message > or its attachment." > > ================================================================================ > > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ -- ************************************************** Jabal Pundrik Raval Firewall Analyst, Detroit Edision. phone:Ever cracked! how can you live with that. - www.distributed.net ************************************************** ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|