[500 Points] Timeout Issues on ISA 2004 w/ Surf Control 5.0 & Pix
Posted on 2006-04-08
I have several hundred machines in a AD2000 domain, with an ISA 2004 Firewall w/ Surf Control (3rd Party) for proxy functions in a back to back config with a Pix firewall. I have an internet based application that uses SSL (443) and I'm experiencing Timeout issues (10060). The configuration has been working fine, and this issue just started a week ago. The ISA query log shows SSL transactions that occasionally fail (no authentication) but it's only 1 in 5, but produces a timeout. When I bypass the proxy, by removing the entry in Internet Explore Proxy settings, this resolves the issue.
I have a dual NIC installed with an Outside / Inside configuration. The server only has 1gig of Ram, and is a single processor 1.2Ghz with the latest bios, and drivers.
I have already done the following:
1. DNS is configured correctly
2. Both ISA & Surf Control have recently been re-installed with no resolve
3. Replaced patch cord, used additional port
4. No changes on the router and the routing and tables look fine.
5. Increased the Cache size on the NIC cards per this forum.
6. Turned off http compression, and other filters per this forum.
7. enabled pMTUDiscovery and other registry options per this forum.
8. Increased TCP/IP receive window per this forum
9. Checked that ISA was routing and no NAT enabled
Though all of these have improved matters and decreased the frequency of the timeout issues, I am still receiving them.
In the ISA firewall log (query based) I am seeing a result pertaining to Graceful Shutdown and Failed/Denied transcations
Question: Is it RAM and/or processor related or is this an AD authentication issue?