[500 Points] Timeout Issues on ISA 2004 w/ Surf Control 5.0 & Pix

Posted on 2006-04-08
Last Modified: 2013-11-16
I have several hundred machines in a AD2000 domain, with an ISA 2004 Firewall w/ Surf Control (3rd Party) for proxy functions in a back to back config with a Pix firewall. I have an internet based application that uses SSL (443) and I'm experiencing Timeout issues (10060). The configuration has been working fine, and this issue just started a week ago. The ISA query log shows SSL transactions that occasionally fail (no authentication) but it's only 1 in 5, but produces a timeout. When I bypass the proxy, by removing the entry in Internet Explore Proxy settings, this resolves the issue.

I have a dual NIC installed with an Outside / Inside configuration. The server only has 1gig of Ram, and is a single processor 1.2Ghz with the latest bios, and drivers.

I have already done the following:
1. DNS is configured correctly
2. Both ISA & Surf Control have recently been re-installed with no resolve
3. Replaced patch cord, used additional port
4. No changes on the router and the routing and tables look fine.
5. Increased the Cache size on the NIC cards per this forum.
6. Turned off http compression, and other filters per this forum.
7. enabled pMTUDiscovery and other registry options per this forum.
8. Increased TCP/IP receive window per this forum
9. Checked that ISA was routing and no NAT enabled

Though all of these have improved matters and decreased the frequency of the timeout issues, I am still receiving them.
In the ISA firewall log (query based) I am seeing a result pertaining to Graceful Shutdown and Failed/Denied transcations

Question: Is it RAM and/or processor related or is this an AD authentication issue?

Question by:dlee9

    Author Comment

    I answered my own question.
    For the benefit of those that have had similar issues.. the following website offers all the information you need
    LVL 51

    Accepted Solution

    Sorry Dlee, I've been away all of today with my kids.
    If you post a question (its free) in the community section, a moderator will PAQ the question here and refund your points.
    LVL 51

    Expert Comment

    by:Keith Alabaster
    Thank You :)

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    Sonicwall NSA 5500 7 112
    Need Advise - System / Network Security 4 41
    sftp access 4 44
    Best firewall recommendation 12 131
    Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now