We had a similar problem with our SecuRemote clients recently and the only way we could them back on line was to allow ICMP Destination Unreachable at the Firewall.... which brings me to a question. Is this a good idea? Cheers Mike Bob Brandt <[EMAIL PROTECTED]> on 12/06/2000 16:10:09 Please respond to [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] (bcc: Mike Anning/WEY/EU/CHEP) Subject: Re: [FW1] web pages load halfway
I have seen a problem with very similar symptoms. Turned out to be a result of too large packets being with the Don't Fragment bit set. Check the Firewall log to see if it is receiving ICMP destination unreacable messages with a cause code of Packet Too Big and DF bit set. If these ICMP messages are not allowed through the firewall, it may not be possible for the endsystems to negotiate, or determine, the maximum Path MTU to be used. You will especially find this type of thing when a mix of different LAN types (Token Ring, ethernet, ...) are invovled. Bob Brandt, 3M corne wrote: > Hi folks > > We have someone requiring assistance with a Solstice Firewall, v3.0b. > > They need to access the web using a satellite service. Internal users point > their browsers to the firewall, the firewall next-proxy's to a proxy sitting > outside the firewall, while this outside proxy in turn proxy's to the > satellite providers head-end. > > They are also running user authentication (for billing purposes). > > The trouble now is that pages only load halfway, or there are some graphics > missing. > > So I'm unsure whether the problem lies with all the millions of handoffs > happening, or with user auth. > > any ideas? > > Regards > Corn� van Dyk > DD Security: Firewall Engineer > Tel: +27 21 659 2002 > Support: +27 21 659 2112 > email: [EMAIL PROTECTED] > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
