philipfarnes
asked on
deploy.akamaitechnologies.com
hello
we are having network performance problems and when i look at my logs it seems that deploy.akamaitechnologies. com is always using alot of http traffic on our computers
from what i have read about it, alot of companies outsource to them to globally provide web services like streaming, downloads etc.
i would like to block it but hesitant.
also can some advise of a good way of monitoring what traffic each pc on the network is generating?
advise would be great please
thanks
we are having network performance problems and when i look at my logs it seems that deploy.akamaitechnologies.
from what i have read about it, alot of companies outsource to them to globally provide web services like streaming, downloads etc.
i would like to block it but hesitant.
also can some advise of a good way of monitoring what traffic each pc on the network is generating?
advise would be great please
thanks
I agree with BT.
One more thing to try is looking at the logs of your router. Some routers have logs that will list sites visited by individual IP's. I know Netgear ones used to do that.
Hope this helps.
JW
One more thing to try is looking at the logs of your router. Some routers have logs that will list sites visited by individual IP's. I know Netgear ones used to do that.
Hope this helps.
JW
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I have two large clients that have been having problems with various PCs tripping off the firewall policies for IP port scanning. Basically, when I look at the firewall logs, I see a bunch of https(443) and ICMP traffic that some, but not all, of the PCs are trying to send to (egress) one of the deploy.akamaitechnologies. com servers. It is not always the same akamai server.
Suffice to say that I have upped the default packet handling thresholds (doubled) the allowance and this has at least stopped the firewall from being so sensitive to it. However, the problem still exists. I haven't yet come up with a good way to block all deploy.akamaitechnologies. com.
I have a central patch management strategy, so blocking it wouldn't be an issue in my mind unless it would block Microsoft Updates.
I have tested modifying the hosts file on one of the computers to route *.deploy.akamaitechnologie s.com to 127.0.0.1 and have also tried just akamaitechnologies.com to 127.0.0.1. The machine still gets replies from the public site on ping test. So trying to block it with the hosts file is not working.
I don't currently have http and https proxy turned on at the firewall and don't want to do that just to block this site.
All my clients use OpenDNS, so I may just try that. However, that is not going to stop the traffic from hitting the local firewall.
If anyone has any other ideas on this matter, I'd like to hear about them.
Suffice to say that I have upped the default packet handling thresholds (doubled) the allowance and this has at least stopped the firewall from being so sensitive to it. However, the problem still exists. I haven't yet come up with a good way to block all deploy.akamaitechnologies.
I have a central patch management strategy, so blocking it wouldn't be an issue in my mind unless it would block Microsoft Updates.
I have tested modifying the hosts file on one of the computers to route *.deploy.akamaitechnologie
I don't currently have http and https proxy turned on at the firewall and don't want to do that just to block this site.
All my clients use OpenDNS, so I may just try that. However, that is not going to stop the traffic from hitting the local firewall.
If anyone has any other ideas on this matter, I'd like to hear about them.
As for that domain, you are right that some legitimate companies use it, but do any of those uses meet your business needs/requirements? If not, then block it. It is better to block something that causes loss of productivity than to have users using network resources for something that is not business related.
If a user does complain, then you can look into a business case for that particular use. You will learn soon enough if there is a legitimate need for that site.