Set your internal DNS server up as caching only, and allow the DNS service
one way straight through the firewall for the DNS server only?
----- Original Message -----
From: Sumash Singh <[EMAIL PROTECTED]>
To: 'Dickson, Peter ' <[EMAIL PROTECTED]>; FW1-mail (E-mail)
<[EMAIL PROTECTED]>
Sent: 14 February 2001 16:57
Subject: RE: [FW1] browsing too slow
>
> Peter,
>
> I think you are right. If I edit my /etc/resolv.conf file and remove the
> forwarding DNS servers, then my client browsers cannot resolve the HTTP
> names. Let me expand. My client PC is set up to do internal DNS queries via
> an internal DNS server, but when I want to browse, I use the "http proxy"
> feature from fw1. If I disable DNS on fw1 by hashing the nameserver entry on
> Solaris and removing the dns word from /etc/nsswitch.conf, then I cannot
> browse from my client machine.
>
> The issue is that I want to see what kind of DNS queries my fw1 is doing,
> whether it is overworked or something like that; maybe having the ability
> to see how many active HTTP sessions are open with the fw1 will help. Any
> more thoughts???
>
> Thanx
>
> Sumash
>
> -----Original Message-----
> From: Dickson, Peter [mailto:[EMAIL PROTECTED]]
> Sent: 14 February 2001 05:44
> To: 'Steven Schuster'; 'Sumash Singh'; FW1-mail (E-mail)
> Subject: RE: [FW1] browsing too slow
>
>
>
> Don't do it!!!
>
> If you have rules that contain domains they NEED to do DNS lookups.
>
> Also, if you use the security servers on the firewall they also require DNS.
>
>
> regards
>
> PD
> > -----Original Message-----
> > From: Steven Schuster [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, February 14, 2001 2:38 PM
> > To: 'Sumash Singh'; FW1-mail (E-mail)
> > Subject: RE: [FW1] browsing too slow
> >
> > Disable DNS on your FW gateways. What you are most likely experiencing is a
> > DNS timeout on your firewall, not your client.
> >
> > Steve Schuster, CCSE, CCNA
> > Midwest ISO
> > Security Analyst
> >
> > -----Original Message-----
> > From: Sumash Singh [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, February 14, 2001 1:54 AM
> > To: FW1-mail (E-mail)
> > Subject: [FW1] browsing too slow
> >
> >
> >
> > Hey all,
> >
> > I have a very strange issue that I would like to run past you all. About 2
> > weeks ago, we noticed that the internet browsing on PCs started to get
> > extremely slow. I fire up my browser and type in a URL like www.sun.com.
> > The PC waits and waits and after about 25-30 secs, it then seems to fly
> > through the loading of the page. I initially thought that this was a DNS
> > problem. But if I do an nslookup from the fw, it returns the IP address
> > immediately. This only happens with HTTP though. Any ideas, or has anyone
> > experienced the same before?
> >
> > Thanx all
> >
> > Sumash
> >
> >
> > **********************************************************************
> > This email and any files transmitted with it are confidential and
> > intended solely for the use of the individual or entity to whom they
> > are addressed. If you have received this email in error please notify
> > the system manager at [EMAIL PROTECTED]
> > **********************************************************************
> >
> >
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================
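Added example, not part of the thread or any poster's code: one way to test the DNS-timeout theory raised above is to query each nameserver listed in the firewall's /etc/resolv.conf on its own and time the answer, so a silent forwarder stands out instead of being hidden behind the resolver's retries. The function names are hypothetical, and it assumes IPv4 nameservers reachable over UDP port 53.

```python
import socket
import struct
import time

def parse_nameservers(resolv_conf_text):
    """Return active nameserver addresses; entries hashed out with # or ; are skipped."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#")[0].split(";")[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, query_id):
    """Build a minimal DNS query: recursion desired, one question, type A, class IN."""
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def time_query(server, name, port=53, timeout=5.0, query_id=0x4657):
    """Send one query to one server and return (status, elapsed_seconds)."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, query_id), (server, port))
            while True:
                data, _ = sock.recvfrom(512)
                # Accept only a reply carrying our query id; read RCODE from the flags.
                if len(data) >= 12 and struct.unpack("!H", data[:2])[0] == query_id:
                    rcode = data[3] & 0x0F
                    status = "ok" if rcode == 0 else "rcode=%d" % rcode
                    break
        except socket.timeout:
            status = "timeout"
        except OSError as exc:
            status = "error: %s" % exc
    return status, time.monotonic() - start

def check_resolvers(resolv_conf_text, name, port=53, timeout=5.0):
    """Time the same lookup against every active nameserver, one at a time."""
    return [(s,) + time_query(s, name, port, timeout) for s in parse_nameservers(resolv_conf_text)]

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        for server, status, secs in check_resolvers(fh.read(), "www.sun.com"):
            print("%-15s %-10s %.3fs" % (server, status, secs))
```

A server that reports `timeout` while the others answer in milliseconds is a candidate for the delay seen through the HTTP proxy.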