Question

Slow internet Access using ISA 2006 - FiX from Microsoft

Asked by: WannabeNerd

Hello everyone,
Not sure if anyone here has experinced any issues related to slow internet access using ISA 2006. I installed it about 3 months ago and soon afterwards reliased that all the users were complaining about slow internet.
I posted here as well about the problem and did eveything but the issue persisted. Only a few days ago i found out about the MS article
http://support.microsoft.com/kb/839510/en-us?spid=2108&sid=global
Now after running the script the the internet access has been much faster with lots of less complaints :-) . Before my browser (both IE and Mozilla) used to time out/freeze but now that is not happening but in general the speed is not same when i use smoothwall for web proxy.

Now my question is. Does ISA generally slows down the access to the internet since it has to apply all the filters and do all th proxying or is it still something which i am missing out ?
Has anyone experinced such issues, if so have you been able to resolve the problem all together.?

Any suggestions please ?

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-01-15 at 07:52:05ID24054879
Tags

Web proxy

,

Firewall

,

Slow Internet

Topic

MS Forefront-ISA

Participating Experts
2
Points
0
Comments
13

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. ISA 2000 server very slow
    my ISA server very slow , and every 10 min my event viewer be full (spoof attack try to connect to my ISA server) please help me thanks.
  2. ISA and DNS
    Pre 2k4 build (ISA 2000) AD domain ------ (internal address: gate = blank) ISA Server(external address : gate = Watchguard)) ------- Watchguard Firewall DNS... AD (ISA as forwarder, recursion) <-------> ISA (Stub zone, do not use recursion, forward ti ISP DNS) <...
  3. ISA Proxy and Smoothwall not talking
    Hi all this has been making me pull out my hair for 3 weeks now and I just can't seem to figure it out!!!! I have been running a Smoothwall for almost a year now with no problems. I had FTP, VPN, SSH, all working like a charm. Well the boss wanted to see what websites his em...
  4. ISA 2006 vs Smoothwall
    we are currently using ISA 2000 and a smoothwall. We have been told that all our computer and server devices should be windows based. i have a couple of questions. 1) do you recommend ISA 2006 over a Smoothwall? 2) does anyone have a step by step instruction to configure the...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: keith_alabasterPosted on 2009-01-15 at 08:08:57ID: 23384766

No, it doesn't and in most cases it can speed operations up.

However, ISA is not a 'toy' application - it needs the correct levels of hardware to be specified, the configuration needs to be 100% in its implementation, it requires analysis on the types of traffic to be allowed/denied and for whom. Unfortuantely most people do not read all of the manuals or go on the prescribed training courses to learn the art - they simply runb the setup CD and think that it will work. Often it does (but ineffectually), the most imes though it only partially delivers. No fault of ISA but, of course, it carries the can and gets known as 'hard work'.

In reality, it is no different from most other major server applications. Biztalk, Sharepoint, System Centre, IAG, ISA, they all need specialist knowledge to get the most (and best) out of them. Any other approach is guesswork and likely false economy.

The majority of my work now is not installing ISA server or IAG but going around and sorting out the absolute mess most people make of their implementations. Basic networking configuration, DNS configuration, routing protocols, gateways, proper subnetting and the like - all need to be correct before ISA even gets installed. This is the same for ANY firewall device not just ISA of course. Anyway, you get my drift.....

So no, when set up as it should be, ISA does not slow down the access. By proper setup of the environment and the caching options it will enhance the performance for Internet access and published applications.

Keith
ISA MVP

 

by: WannabeNerdPosted on 2009-01-15 at 08:24:59ID: 23384933

Thanks for the explanation!!
I know it will be hard to answer but can you tell me the most common problems which i need to look into which in turn causes the slowness.?
I have already verified my DNS settings ,cache is also enabled.
Any counters which i need to monitor?
How about the hardware :- AMD Athlon 64 bit, 2 GB RAM, MS Ser 2003 SE,

Confused !!!

 

by: keith_alabasterPosted on 2009-01-15 at 08:39:27ID: 23385113

DNS - no offence but everyone says their DNS is correct - the majority are not once we investigate.
Service packs and support packs for ISA not being installed.
Poor configuration on the network ports - duplex, speed etc plus crap cabling.
poor implementaion of the ISA firewall policy rules and the ISA system policy rules
lack of understanding in what the organisation actually requires ISA to do for them.
incorrect nic binding sequence
The list goes on really.

Many have never even heard of the BPA, let alone run it and assessed the outputs lol

 

by: WannabeNerdPosted on 2009-01-15 at 08:50:11ID: 23385247

As far as my case is concerned..i am 101 % sure that my DNS is right. All SP's and support packs installed.
Changed the server ports not once but several times. Poor implementation of firewall rules (can be the reason - not sure ).
Been using BPA and it doesnt give any errors.
Well about the nic binding ,i dont know much how and what to do ? I read it at several places about setting up the NIC right. What do i need to check and how to set the binding right.
I am using 2 NIC's . A fast ethernet for the internal LAN and a gigabit for the DMZ. I have an inclination that it has to do something with the NIC's (well i assume so..lol).

 

by: keith_alabasterPosted on 2009-01-15 at 09:41:46ID: 23385759

provide the output from an ipconfig /all from the ISA server
The output from a route print would also be useful

the main DNS issues are that people will insist on putting ISP dns addresses either on their servers or teir workstations - an absolute no-no. The only place the ISP dns should be set is in the forwarders tab on the dns service within your internal DNS servers. The second major cock-up for DNS is putting in a DNS entry on the external nic. i am sure you haven't done this though.

for nic binding, the internal ISA NIC must be bound first - the external (and perimeter nics if you have them) must follow.

There are many issues with Gigabit connections. Not using latest NIC drivers - especially important for Broadcom cards, using a standard CAT5 cable rather than the proper CAT5E or CAT6 (needed for correct gigabit operation) or using a CAT5E cable that is longer than that supported at Gigabit speeds.

 

by: keith_alabasterPosted on 2009-01-15 at 09:43:50ID: 23385779

1. Click Network and Dial-Up connections.
2. On the Advanced menu, click Advanced Settings to display the binding order.
3. Click the internal network adapter, and then move it to the top.

 

by: WannabeNerdPosted on 2009-01-15 at 10:00:03ID: 23385930

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ISA
   Primary Dns Suffix  . . . . . . . : BM.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : abc.com

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Belkin F5D5005 v2000 Gigabit Desktop PCI
Card
   Physical Address. . . . . . . . . : 00-17-3F-9C-0A-A2
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.31.0.200
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.31.0.1

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controlle
r
   Physical Address. . . . . . . . . : 00-18-8B-8E-1A-95
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.8
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.0.0.4
----------------------------------------------------------------------------------------------------------------------

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 17 3f 9c 0a a2 ...... Belkin F5D5005 v2000 Gigabit Desktop PCI Car
d
0x10004 ...00 18 8b 8e 1a 95 ...... Broadcom 440x 10/100 Integrated Controller
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.31.0.1     172.31.0.200     20
         10.0.0.0    255.255.255.0         10.0.0.8         10.0.0.8     20
         10.0.0.8  255.255.255.255        127.0.0.1        127.0.0.1     20
   10.255.255.255  255.255.255.255         10.0.0.8         10.0.0.8     20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
       172.31.0.0    255.255.255.0     172.31.0.200     172.31.0.200     20
     172.31.0.200  255.255.255.255        127.0.0.1        127.0.0.1     20
   172.31.255.255  255.255.255.255     172.31.0.200     172.31.0.200     20
        224.0.0.0        240.0.0.0         10.0.0.8         10.0.0.8     20
        224.0.0.0        240.0.0.0     172.31.0.200     172.31.0.200     20
  255.255.255.255  255.255.255.255         10.0.0.8         10.0.0.8      1
  255.255.255.255  255.255.255.255     172.31.0.200     172.31.0.200      1
Default Gateway:        172.31.0.1
===========================================================================
Persistent Routes:
  None

Well i have change the binding order as you said.
Will look into the driver's tomorrow and maybe i will change the broadcom driver as well.

 

by: keith_alabasterPosted on 2009-01-15 at 10:02:13ID: 23385948

no problem.  i am on UK time but had this afternoon off so I'll be around after about 6.30 GMT tomorrow :)

 

by: WannabeNerdPosted on 2009-01-16 at 04:02:00ID: 23392038

Hi keith,
So did you get any chance to look at the configuration and routes.?
I have already updated (infact they were both running the latest versions.) the network adapters.

 

by: keith_alabasterPosted on 2009-05-17 at 02:57:03ID: 24405606

been doing some housekeeping on questions and just seen this one - i am so sorry- looks like I dropped the ball here. Is this still active?

 

by: WannabeNerdPosted on 2009-06-25 at 06:20:50ID: 24711072

hi,
No you can close this one down. I am now using the Forefront TMG instead of ISA. The problem no longer exisits.

 

by: ee_autoPosted on 2009-08-30 at 01:19:57ID: 25216754

Question PAQ'd, 500 points refunded, and stored in the solution database.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...