[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] MS Outlook some times hangs on dialup connection
Bearing in mind that the answer to this question may well be "because Exchange and/or this topology just needs it" or something to that effect, I'm going to ask anyway: Given that the firewall is supposed to be forwarding data packets with known destinations, vs acting as an NBT proxy, why in the world would putting an LMHOSTS file on the firewall make any difference? And secondarily, if the firewall is hardened so that it no longer speaks NBT, that defeats any usage/value of an LMHOSTS file on the firewall proper. So then what? Doesn't add up. Clue me in. :) -----Original Message----- From: Steve Crume [mailto:[email protected]] Sent: Thursday, April 25, 2002 6:38 AM To: [email protected] Subject: Re: [FW-1] MS Outlook some times hangs on dialup connection The LMHOSTS file should be placed both on the client and on the FIREWALL. If you do not need the LMHOSTS file on the Firewall leave it off, experiment. Many Firewalls may not be able to find the correct path through the Firewall to the internal Microsoft network to the Exchange server. Additionally, the LMHOSTS file should contain the names and IP addresses of any WINS servers and internal DNS servers you may have if running W2K Active Directory Domain Structure. The Primary domain controller (NT4), Domain Controller(ADS), should also be configured in the LMHOSTS file with the DOMAIN name 192.168.XXX.X "ACME12 \0x1b" #PRE. "45*7890" make sure to maintain the correct length between the "". Both the client and Firewall should have the same identical LMHOSTS file. The addition of a HOSTS file should also be used if you are running internal DNS servers. You can also run into problems when more than one mail domain is configured on the Firewall and the same Exchange server. The problem occurs when multiple static NATs and static routes are entered on the Firewall. If you are using Outlook client or Outlook Express with other Email Accounts such as Hotmail, Yahoo, etc.. and you do a dialup session these also become active and look for new mail and can cause severe time-outs accessing the Exchange sever. At this time you are probable doing Split tunnels (DNS) one encrypted, and the other not. The encrypted tunnel will be much slower and timeout. Also look to see if any Firewall software is running on any clients and if it is make sure the IP addresses of the Firewalls external gateway is trusted along with any ISP routers, servers etc along the way. If they have been marked to not trust you may have problems when receiving packets back along another route. Lastly, if you have not included WINS in the Dialup profiles you make want to include these to see if this helps resolve the timeout issue. If all this fails invest in another server and load IIS and OWA for Exchange. You may have to experiment to see which combination returns the greatest returns without compromising security. Running OWA with SSL has solved many of the concerns our customers had with convenient and secure email access. -----Original Message----- From: Datacomm [mailto:[email protected]] Sent: Wednesday, April 24, 2002 3:43 PM To: [email protected] Subject: [FW-1] MS Outlook some times hangs on dialup connection The MS Outlook some times hangs when access exchange server through securemote on dialup connection but works properly when accessed on DSLlink or T1 link. The following is the scenario- Problem : Checkpoint 4.1 SP2 running on NT. The Exchange mail server is on the internal network. The users connect as the exchange client through Securemote. Outlook hangs often when one opens the mails with attachment and sometimes it hangs even if its a small mail. Observations : 1. Since the problem was with outlook I added the Exchange server name in the local lmhosts file. Also changed the rpc binding order in the registry. It looked like it fixed the problem for 5 minutes but it was the same problem again. 2. Even without using the outlook just when running a ping session to a system on the local network I observed Request timed out. After 10 or 20 successful pings it times out and after 2,3 time outs it replies back properly. The timeouts increases if I open mails with attachments. 3. I tried connecting through 3 different ISPs to check if its a problem with the ISP. 4.In order to eliminate the switch which is connected to the external interface of the firewall we disconnected the switch and connected a cross cable directly. But the problem still is observed. 5. The load on the firewall server as well as the exchange server is fine when this hang occurs. 6. The securemote users are configured to use IKE . 7. No error messages are observed in the checkpoint logs. Please let me know if you have some suggestions. Any inputs ? Thanks and regards Vikalp Nagori __________________________________________________ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/ ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|