Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 864
  • Last Modified:

Internet connection speed intermitent.

Greetings,

I browse from a LAN made up of 80 workstations and have a very capable internet connection but from some days ago, I am experiencing enormous delays to download/upload files for some reason.

My connection config is as follows:

ISA Server (web proxy, gfi webmonitor),edge firewall model (two NIC's, whereas one is LAN and the other the INTERNET);

In a separate computer, I have my LAN server which is the PDC as well as DNS and DHCP "patron";
No client makes a direct connection to 'outside'.

I have connected directly to my router to see whether the problem was from my ISP but the connection speed seemed normal and could even download big files without delays. For e.g. a 65Mb file, connecting directly was downloaded at 250Kb/s, while repeating the procedure passing through the normal configs. it could not go higher than 4Kb/s!!!

I have included snapshots of my ISA firewall policies in case I have my orders wrong.

Best regards.








 First Image Second Image
0
kemitHamite
Asked:
kemitHamite
  • 12
  • 5
  • 3
  • +1
5 Solutions
 
Fred MarshallPrincipalCommented:
How many hosts have this problem?  All of them?  Just some of them?

Have you rebooted all the switches and routers?  I would do that.

Then, if it still persists:

What happens if you insert a switch at the internet server LAN side and plug in a laptop there?  

I suspect a speed conflict or a physical problem or a device that has "lost its mind" needing reboot.
0
 
nickciu10Commented:
Depending on what type of switches you own you may also be able to use a NetFlow Analyzer. This will help pinpoint the bandwidth  issue.
0
 
kemitHamiteAuthor Commented:
i use cnet switches. Will try the reboot procedure in its entirety(i only rebooted the server actually).i already  did try connecting to a switch which is directly connected to the internet LAN. i assume there is nothing wrong with the isa rules right???
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
kemitHamiteAuthor Commented:
i use cnet switches. Will try the reboot procedure in its entirety(i only rebooted the server actually).i already  did try connecting to a switch which is directly connected to the internet LAN. i assume there is nothing wrong with the isa rules right???
0
 
kemitHamiteAuthor Commented:
I tried rebooting every single switch, the router as well as my servers, the issue pervails. It is a strange situation.
I will break it down to make things easier to analyse. The way the browser behaves to download attempts is as if it was negotiating the download attempt by having to go through a validation period (it can sometimes take up to 5 min before it starts downloading!!!). Normal browsing seems normal although with just a little bit of lagg too.

Please bear in mind the fact that I am also using GFI Webmonitor (ISA Server 2006 module).

Rgs
0
 
kemitHamiteAuthor Commented:
Just some additional info, I did a speedtest from my ISA Server, a 1MB file was downloaded at 17Mbps, the same file from a workstation was downloaded at 43Kbps!!!!!!
0
 
JJ2Commented:
The client PCs might be infected with malicious programs or services causing a congestion to the ISA server.

In the ISA server, try monitoring the Destination IPs below and observe if it's getting a hit:

204.152.184.92
204.152.184.139

If yes, those Client PCs registry should be modified by removing the malicious services entries. Must run a good antivirus product.
0
 
kemitHamiteAuthor Commented:
@JJ2,

I simulated a connection to both addresses you provided, the connections went through though It could not resolve both IP's. Tried pinging them either and there were positive responses from both.

What are the services that should be removed from the registry? Any Idea of what malware it could be?

Rgs
0
 
Fred MarshallPrincipalCommented:
"already  did try connecting to a switch which is directly connected to the internet LAN. "

I'm being picky here and you may have done exactly this .. but there's a purpose.  
The intended suggestion was to do this:
Introduce a new, simple switch between the *internet server* and its LAN connection.  
[i.e. not just to any switch on the LAN - which is how one might read your response].
Then, connect a computer to this new switch.
The idea is to bypass all intervening switches and cables on the LAN and get a test as close to the server/gateway as possible to eliminate the possibility of bad hardware on the LAN.
0
 
kemitHamiteAuthor Commented:
Hi fmarshall,

I get your point, besides connecting to a 'normal' switch, I also did connect directly to the gateway, without even passing through the server (just replicated the settings to the NIC on the 'test' computer). The browsing seemed normal.

Rgs
0
 
Fred MarshallPrincipalCommented:
But the Server is a key in your questioning isn't it?  So, I would definitely connect a computer right up to it (thus the switch) on the LAN side and see if the performance running more or less directly through the server is different than the poor performance you're generally seeing on the LAN otherwise.
0
 
kemitHamiteAuthor Commented:
Okay,

I get your point. Will try it right away and get back to you.
0
 
kemitHamiteAuthor Commented:
@fmarshall,

I tried your suggestion, the problem prevails even though I used a separate switch where only my laptop and the DC were connected to.

Any ideas?

Rgs
0
 
JJ2Commented:
While monitoring, did the logs shows that several client PCs are connecting continuously to the destinaion IP Addresses ( 204.152.184.92, 204.152.184.139)?
0
 
Fred MarshallPrincipalCommented:
Problem solving is often a matter of elimination.  So now it appears you've eliminated a number of cables and switches as possible sources of trouble.  And, one hopes, suggestions that target those elements.  The focus can now be on other things.

Here's another experiment:
Temporarily replace the DC with a simple router with NAT.  Does the behavior persist?
0
 
kemitHamiteAuthor Commented:
@fmarshall,

I completely agree with the 'rule of elimination', will try the last suggestion and come back with news tomorrow.

@JJ2,

I ran a simulation through ISA's 'troubleshoot' plugin, and did it by using a single IP to both IP's you provided. How would I do it in a way that could show me how many hosts are attempting a connection to such IP's?

Rgs
0
 
JJ2Commented:
In the ISA server:

Monitoring
Logging
Edit Filter
Filter by>Destination IP
Condition>Equals
Value> 204.152.184.139
Start Query

If there's a hit, it will show the details and you will see the infected clients in the Client IP Tab.
0
 
kemitHamiteAuthor Commented:
@JJ2

I ran the log on the IP's you provided, there was no hit from neither of the IPs. I can ping them though.
0
 
kemitHamiteAuthor Commented:
After a thorough analysis, I reached the conclusion that the 'abnormalities' I reported were caused by the GFI Webmonitor (ISA Server Edition) I have configured on my firewall. As soon as I added the various content types to the list of allowed mime types, everything seemed normal.

I thank everyone who took their time in order to help me find a solution.

Best regards
0
 
Fred MarshallPrincipalCommented:
It seems to me that the process of elimination worked!
0
 
kemitHamiteAuthor Commented:
Agreed, though, as I pointed out, it served as a guideline but did not exactly say what the problem was. In the line of, for eg. the sum of two numbers adds up to 80, find the solution... A pretty simple analogy but hopefully you get my point. The fact that I looked for help from here can also be considered as a process of elimination, doesn't it?

Rgs
"Aut Caesar, Aut Nihill"
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 12
  • 5
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now