Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Netscreen 5GT Resetting Connection??

Posted on 2006-11-01
4
Medium Priority
?
676 Views
Last Modified: 2008-01-09
I installed our Netscreen firewall on Friday.  (Netscreen 5GT)  Since then I’ve been having some problems with the Internet connection not being quite right.  I would say 1 out of every 15 pageviews responds in a timeout.  Though a refresh usually does the job.  In firefox, this is the message I’m getting:

http://img519.imageshack.us/img519/3578/firefoxconnectionresetyq8.gif

As for Windows Messenger – it has been having serious problems too.

What could be my problem?  Could it be DNS?  Every time I try a ping or nslookup it works fine.  Could it be the full / half duplex stuff?  What else could be causing this?  For the most part the Internet works – but just sometimes it does not.

My settings:

Trust / Untrust Mode

External IPs:  A /28 pointing at this firewall.  A few MIPs pointing to internal servers on a specific network address.

Internal (192.168.1.1/32) which is set as the trust.  We’re using DHCP on this network from 192.168.1.100 to 192.168.1.150.

It’s my suspicion that it’s a NAT setting or something.  The computers on the MIPs don’t seem to have any issue.  (Thus, the computers that are not public in any way, or that are not doing DNS.)  The reason for the IP addresses and MIPs is for simple web hosting, etc.
0
Comment
Question by:rebies
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 1

Author Comment

by:rebies
ID: 17855092
To clarify

Internet <> DSL Modem <> Firewall <> Switch <> Internal Computers

Yes, most of the Internet works.  (HTTP, Mail, IM, etc)  But sometimes it's just not working.  The best example is the Firefox screenshot above.  In IE it's just a blank page sometimes.   People are signing in and out of MSN Instant Messanger all day.

So - for the most part it works.  But it's droping connections or just not allowing some randomly.  Yes, I have a policy set up that is From Trust to Untrust, any source, any destination, any service, action = Permit.
0
 
LVL 1

Author Comment

by:rebies
ID: 17855534
Antoher note that might help..??  In the Reports > Counters > Flow I see...

illegal pak 4304

I'm not exactly sure what this is or if this might indicate a problem.  But it is almost like the NetScreen is screening and droping some packets or not allowing them..
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 2000 total points
ID: 17868476
What kind of licensing do you have ?

Cheers,
Rajesh
0
 
LVL 1

Author Comment

by:rebies
ID: 18001392
Rajesh,

Question got the better of me.  Never figured it out.  Answer accepted for being the only one to help.

Andrew
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question