Solved

ISA 2004 going slow, boss got a gun :(

Posted on 2006-04-26
Last Modified: 2013-11-16
Helllllllllp !

SBS 2003, ISA 2004 with all service packs. 15 users.
Been playing around with internet authorised sites recently, and somehow ISA is going really slowly now. I have searched previous posts but could not find a solution. I have deleted all previous rules that I was playing with, but the internet is still really slow. Imported a previous export from way back in February, and still it goes slow :(

I have not got a scooby doo how to fix it!

Here are the rules that are present on the system (Always meant to go back and tidy these up!!!)

             All rules are set for all users

  Protocol                                     From                          To

1 Ping                   Int            External
                  Local Host      Internal      
                  VPN Client      Local Host

2 DHCP (Request)      Internal      Local Host
                  VPN Clients

3 DHCP (Reply)            Local Host      Internal
                  VPN Clients
            
4 Netbios Datagram                      VPN Clients      Internal
   Netbios Name Service                  Local Host

5 All Outbound Traffic                      Internal                      Internal
                              Local Host

6 DNS                  VPN Clients      Internal
   RPC (all interfaces)                      Local Host

7 DNS                  Internal                     External
                  VPN Clients

8 SMTP                  Internal                      External
                  Local Host
                  VPN Client

9 POP3                  Internal                      External
                  Local Host

10 FTP                   Internal                      External
                  Local Host
                  VPN Clients

11 FTP (Port 10035-40)      Internal                      Internal
                  VPN Clients      Local Host

12 All Outbound traffic      VPN Clients      Internal

13 PPTP                  Internal                      External
                  Local Host

14 4500 UDP            Internal                      External
    Discard UDP            Local Host
    IKE Client
    IPSec Nat-T Client
    Sonicwall port 1745

15 2967 RDP VPN
    RDP terminal service              Local Host                      External
                  VPN Clients      Internal

16 RDP terminal service      External                      Internal
                  VPN Client                      Local Host

17 RDP Terminal service      Internal                      External      
                  VPN Clients

18 PC Anywhere             Internal                      External
                  Local Host

19 VNC                  Internal                      External
                  Local Host                      Internal
                              Local Host

20 HTTP                  CEO Laptop      External
    HTTPS            

21 HTTP                  Internal                      External
    HTTPS                            Local Host
                  VPN Clients

22 HTTP                  VPN Clients      Internal
    HTTPS      

23 Port 2009            Internal      External

24 Deny all traffic
0
Question by:j4jack
9 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16548032
ipconfig /all from the server please.
Your rule list (the order) looks a bit iffy....
Should have a DNS rule right at the beginning really. Difficult to read your output but I cannot see it until about rule 21

Open the ISA GUI.
Select monitoring - alerts... Anything in here?
Select monitoring - logging - click on start query. Make a connection. All look clean in the traffic logs?

Anything in the MS Event logs? When did you put the service packs on? Around the same time you saw the speed slowdown?

Is the cache enabled on ISA?
What rules have you added to the default, if any?
Are all the rules in the firewall enabled or are some disabled but still in the list?

Have you messed with the system policy? I know the answer is yes as the dhcp rules are in place. You do not need to create these rules as they are there in the system policy already; they just need configuring.

Are the VPN users seeing poor performance or is it just the web browsing for internal users having the issue?

Regards
keith
ISA MCT
0
 
LVL 1

Expert Comment

by:alexisv
ID: 16580285
Are you sure it is the ISA that is causing the slow performance?
Check the memory and processor utilization

If the ISA seems fine, go into the router and check the utilization, especially the incoming HTTP traffic. Maybe you're being hit by a scanner or hacker.

Let us know what you find.
0
 
LVL 1

Author Comment

by:j4jack
ID: 16595018
Sorry for the delay...been off for the bank holiday :)
Windows IP Configuration
   Host Name . . . . . . . . . . . . : server
   Primary Dns Suffix  . . . . . . . : Hospitality.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : Hospitality.local

Ethernet adapter Server Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-C0-9F-1B-45-DA
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.16.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   Primary WINS Server . . . . . . . : 192.168.16.2

Ethernet adapter SonicWALL Virtual Adapter:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : SonicWALL VPN Adapter
   Physical Address. . . . . . . . . : 00-60-73-E3-1A-CF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : No
   IP Address. . . . . . . . . . . . : 223.1.1.128
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 223.1.1.2
   Lease Obtained. . . . . . . . . . : 25 April 2006 15:07:52
   Lease Expires . . . . . . . . . . : 25 April 2007 15:07:52

PPP adapter RAS Server (Dial In) Interface:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.16.32
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

PPP adapter BT:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 217.35.94.139
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 194.74.65.68
                                       194.72.0.114
   NetBIOS over Tcpip. . . . . . . . : Disabled


Monitoring, then alerts shows:

First Alerts:
Description: Disk cache C:\urlcache\Dir1.cdat failed to initialize, but then later.....
Data cache file C:\urlcache\Dir1.cdat was recovered....then
Data cache was recovered

Second Alert:
Description: ISA Server detected routes through adapter SonicWALL Virtual Adapter that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.)  The address ranges in conflict are: 0.0.0.1-126.255.255.255;128.0.0.0-192.168.15.255;192.168.17.0-223.1.0.255;223.1.2.0-223.255.255.255;240.0.0.0-255.255.255.254;.
ISA Server detected routes through adapter Loopback that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.)  The address ranges in conflict are: 217.35.94.139-217.35.94.139;.

Third Alert:
Description: The response was rejected because the compression type (the HTTP Content-Encoding attribute) is unsupported. ISA Server supports only gzip compression.

Monitoring, the logging for my desktop IP 192.168.16.21 shows no errors when accessing an external web site - just goes really slowly.

Service Packs were installed over 6 months ago.
Cache is enabled on the ISA box
MS Event logs show this error : SMTP could not connect to the DNS server '192.168.16.2'. The protocol used was 'UDP'. It may be down or inaccessible.
VPN users are OK
Memory & Processor usage look OK
There is no separate router..it's SBS 2003 configured as edge firewall.
Only ISA rule that is disabled at the moment is one that I originally created that from IP 192.168.16.21 only allows permitted websites at certain times of the day.

I might be better to uninstall and reinstall me thinks :(
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 16599713
Main issue from the alerts is no 2.

Open the gui, select configuration networks.
Double click internal and select addresses. What is in this list?

Alert 3.
You have (it sounds like) amended the general config.
Select configuration - general - http compression preferences. Have you amended anything in here?
0
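To see what alert 2 is actually flagging, the conflict ranges from the SonicWALL adapter alert can be parsed and the addresses from the ipconfig output tested against them. This is an added example, not something posted in the thread; the function names are hypothetical and the data is copied from the two posts above.

```python
import ipaddress

# Conflict ranges copied from the SonicWALL Virtual Adapter alert in the thread.
ALERT_RANGES = ("0.0.0.1-126.255.255.255;128.0.0.0-192.168.15.255;"
                "192.168.17.0-223.1.0.255;223.1.2.0-223.255.255.255;"
                "240.0.0.0-255.255.255.254;.")

# Addresses copied from the ipconfig /all output in the thread.
HOSTS = {
    "server LAN": "192.168.16.2",
    "SonicWALL adapter": "223.1.1.128",
    "BT PPP (external)": "217.35.94.139",
    "ISP DNS 1": "194.74.65.68",
    "ISP DNS 2": "194.72.0.114",
}


def parse_ranges(text):
    """Turn 'a-b;c-d;.' (the alert's format) into (start, end) address pairs."""
    ranges = []
    for part in text.split(";"):
        part = part.strip()
        if part in ("", "."):          # trailing ';.' left by the alert text
            continue
        lo, hi = (ipaddress.IPv4Address(p) for p in part.split("-"))
        if lo > hi:
            raise ValueError(f"inverted range: {part}")
        ranges.append((lo, hi))
    return ranges


def flagged_range(addr, ranges):
    """Return the conflict range containing addr as 'lo-hi', or None."""
    ip = ipaddress.IPv4Address(addr)
    for lo, hi in ranges:
        if lo <= ip <= hi:
            return f"{lo}-{hi}"
    return None


def classify(hosts, ranges):
    """Map each named address to the conflict range it falls in (or None)."""
    return {name: flagged_range(addr, ranges) for name, addr in hosts.items()}


if __name__ == "__main__":
    for name, hit in classify(HOSTS, parse_ranges(ALERT_RANGES)).items():
        print(f"{name:20} {hit or 'not in a conflict range'}")
```

The LAN and SonicWALL adapter addresses fall outside the flagged ranges, while the external BT address and both ISP DNS servers fall inside one, which is the kind of traffic the alert warns "may be dropped as spoofed".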
 
LVL 1

Author Comment

by:j4jack
ID: 16603731
Configuration, networks:

Addresses Tab
192.168.10.0-192.168.10.255
and 192.168.16.0-192.168.16.255

Domains Tab:
*.hospitality.local

Web Browser Tab:
Bypass for webservers in this network
Directly access computers in the domain
if ISA unavailable use direct access

Firewall Client Tab:
enable client - server.hospitality.local
auto detect
use auto config script - default URL
use web proxy server - server.hospitality.local

Web Proxy Tab:
enable web proxy clients
enable http - port 8080, (advanced tab) integrated authentication, unlimited connections

Http Compression - nothing set in the network settings, nothing in the content types, and content inspection is ticked.
0
 
LVL 1

Author Comment

by:j4jack
ID: 16603769
Oh, and under the Network Tab, under Local Host it says "no ip addresses are associated with this network", and the web proxy tab is set to enable http port 8080, and enable ssl port 8443 with certificate server.hospitality.local
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16608047
OK, thanks.
So, the addresses section is sweet. Exactly right.
Local host is correct. It picks up the IP addresses from the internal configuration.

How are your clients connecting?
Web proxy?
SecureNAT?
ISA firewall client?

Little confused between your ppp/slip interface and your virtual sonicwall interface?
Neither seems to have a default gateway; shouldn't one of them be pointing to your external gateway?
0
 
LVL 1

Author Comment

by:j4jack
ID: 16609510
Hey Keith, thanks for coming back to me.....everyone was screaming about it today...so bit the bullet and uninstalled/re-installed ISA and service pack 1 again. From that point on all was sweet....picked default rule for limited internet, all came working back at speed again! :)  Then configured the first rule to allow all traffic from internal to local host and vice versa (therefore eliminating about 20 odd rules that I did not need!), just added my own custom rules for VNC, e-mail etc. Whole thing is much neater - as mentioned I did mean to go back and tidy up those rules. Thanks for your assistance! Points r yours for pointing me in the right direction. Cheers!
0
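The clean-up described above (one broad rule making a pile of narrower ones unnecessary) can be checked mechanically before deleting anything. The sketch below is an added example, not from the thread: it walks an ordered allow-rule list top-down and reports which protocol/from/to combinations of each rule are already allowed by an earlier rule. The six sample rules are constructed from entries in the posted list (the column reading is an assumption), and it assumes every rule is an allow rule for all users ahead of the final deny-all, as in the post.

```python
from itertools import product

ANY = "*"  # stands for "All Outbound Traffic"

# Constructed sample modelled on six of the posted rules (the column
# reading is an assumption): (number, protocols, from, to), all "allow".
RULES = [
    (5,  {ANY},             {"Internal"},                {"Internal", "Local Host"}),
    (12, {ANY},             {"VPN Clients"},             {"Internal"}),
    (16, {"RDP"},           {"External", "VPN Clients"}, {"Internal", "Local Host"}),
    (19, {"VNC"},           {"Internal", "Local Host"},
         {"External", "Internal", "Local Host"}),
    (21, {"HTTP", "HTTPS"}, {"Internal", "VPN Clients"}, {"External"}),
    (22, {"HTTP", "HTTPS"}, {"VPN Clients"},             {"Internal"}),
]


def covers(rule, proto, src, dst):
    """True if `rule` allows this single protocol/from/to combination."""
    _, protos, srcs, dsts = rule
    return (ANY in protos or proto in protos) and src in srcs and dst in dsts


def audit(rules):
    """Walk the list top-down, as the firewall does, and for every rule
    separate the combinations an earlier rule already allows ("dead")
    from the ones only this rule allows ("live")."""
    report = {}
    for i, rule in enumerate(rules):
        num, protos, srcs, dsts = rule
        dead, live = [], []
        for combo in sorted(product(protos, srcs, dsts)):
            earlier = next((r[0] for r in rules[:i] if covers(r, *combo)), None)
            if earlier is None:
                live.append(combo)
            else:
                dead.append((combo, earlier))
        report[num] = {"redundant": not live, "dead": dead, "live": live}
    return report


if __name__ == "__main__":
    for num, result in audit(RULES).items():
        status = "REDUNDANT" if result["redundant"] else "needed"
        print(f"rule {num}: {status}")
        for combo, earlier in result["dead"]:
            print(f"    {combo} already allowed by rule {earlier}")
```

In this sample, rule 22 is fully redundant behind rule 12, while rules 16 and 19 only partly overlap earlier rules and still carry traffic of their own.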
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16609537
You're welcome. It's frustrating but sometimes 'biting the bullet' is the best course. Nice going Jack.

regards
Keith
0

Question has a verified solution.
