I have seen a problem with very similar symptoms. Turned out to be a result of
too large packets being with the Don't Fragment bit set.
Check the Firewall log to see if it is receiving ICMP destination unreacable
messages with a cause code of Packet Too Big and DF bit set.
If these ICMP messages are not allowed through the firewall, it may not be possible
for the endsystems to negotiate, or determine, the
maximum Path MTU to be used. You will especially find this type of thing when a
mix of different LAN types (Token Ring, ethernet, ...) are
invovled.
Bob Brandt, 3M
corne wrote:
> Hi folks
>
> We have someone requiring assistance with a Solstice Firewall, v3.0b.
>
> They need to access the web using a satellite service. Internal users point
> their browsers to the firewall, the firewall next-proxy's to a proxy sitting
> outside the firewall, while this outside proxy in turn proxy's to the
> satellite providers head-end.
>
> They are also running user authentication (for billing purposes).
>
> The trouble now is that pages only load halfway, or there are some graphics
> missing.
>
> So I'm unsure whether the problem lies with all the millions of handoffs
> happening, or with user auth.
>
> any ideas?
>
> Regards
> Corn� van Dyk
> DD Security: Firewall Engineer
> Tel: +27 21 659 2002
> Support: +27 21 659 2112
> email: [EMAIL PROTECTED]
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
