Avatar of BorgusGroup
 asked on

TMG HTTP Latency

I recently moved from ISA 2006 to TMG. Since switching over to TMG, there is a significant performance issue when browsing the web from the clients behind TMG. Whenever opening a browser, it takes a 2 to 5 seconds before the intial page appears. Browsing this page, however, is as fast as it used to be with ISA 2006. Whatever link within the same FQDN will respons as normal. If I open a link on to different FQDN, it will again take a few seconds for the page to appear.

There are no performance issues with this server, there is no packet loss and downloading files is as fast as ever.

It seems TMG is checking the requested URL domain for its validity. This is taking an unacceptably long time. How do I circumvent this? I already tried disabling the Network Inspection and malware protection.

Any sugestions on where to look for this issue would be appreciated.
Software FirewallsMicrosoft Forefront ISA Server

Avatar of undefined
Last Comment

8/22/2022 - Mon

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.

Thanks for the tip. I verified this one a few clients. NSLOOKUP returns any new URL instantly. Also DNS structure hasn't changed since migration.

However, the TMG server has 15 NICs ( with 12 virtual NICs for VLANs ) and blocked some of those NICs in the DNS server on TMG. When doing a NSLOOKUP on TMG it times out many times. It seems TMG does verify and requests its own DNS server on NICs that are blocked.

So after unblocking the NICs in DNS for the unused VLANs, the TMG server could resolve faster.

Case closed. Thanks.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy