rebies
Netscreen 5GT Resetting Connection??
I installed our Netscreen firewall on Friday. (Netscreen 5GT) Since then I’ve been having some problems with the Internet connection not being quite right. I would say 1 out of every 15 pageviews responds in a timeout. Though a refresh usually does the job. In Firefox, this is the message I’m getting:
http://img519.imageshack.us/img519/3578/firefoxconnectionresetyq8.gif
As for Windows Messenger – it has been having serious problems too.
What could be my problem? Could it be DNS? Every time I try a ping or nslookup it works fine. Could it be the full / half duplex stuff? What else could be causing this? For the most part the Internet works – but just sometimes it does not.
My settings:
Trust / Untrust Mode
External IPs: A /28 pointing at this firewall. A few MIPs pointing to internal servers on a specific network address.
Internal (192.168.1.1/32) which is set as the trust. We’re using DHCP on this network from 192.168.1.100 to 192.168.1.150.
It’s my suspicion that it’s a NAT setting or something. The computers on the MIPs don’t seem to have any issue. (Thus, the computers that are not public in any way, or that are not doing DNS.) The reason for the IP addresses and MIPs is for simple web hosting, etc.
ASKER
Another note that might help..?? In the Reports > Counters > Flow I see...
illegal pak 4304
I'm not exactly sure what this is or if this might indicate a problem. But it is almost like the NetScreen is screening and dropping some packets or not allowing them.
ASKER CERTIFIED SOLUTION
ASKER
Rajesh,
Question got the better of me. Never figured it out. Answer accepted for being the only one to help.
Andrew
ASKER
Internet <> DSL Modem <> Firewall <> Switch <> Internal Computers
Yes, most of the Internet works. (HTTP, Mail, IM, etc.) But sometimes it's just not working. The best example is the Firefox screenshot above. In IE it's just a blank page sometimes. People are signing in and out of MSN Instant Messenger all day.
So - for the most part it works. But it's dropping connections or just not allowing some randomly. Yes, I have a policy set up that is From Trust to Untrust, any source, any destination, any service, action = Permit.