?
Solved

SonicWall TZ215 Client PC's using internet explorer not getting some websites....firefox OK.

Posted on 2013-02-06
5
Medium Priority
?
2,092 Views
Last Modified: 2013-02-11
Have recently installed above sonic wall.

2 LAN segments routing between then ok for RDP to different servers on different subnets.

Certain users can not display web pages i.e. bbc.co.uk when using internet explorer.

Firefox and other browsers seems ok.

Checked DNS and tracert and all looks ok.

3 servers connected to same switch on the same segment where the client PC's are located work fine through internet explorer with different version of IE also.

Did this below but still no good.......

You are beyond great. Your post pointed us in the right direction--the most recent iteration of the SonicWall Enhanced OS that we have does not have the "Enforce Host Tag Search for CFS" checkbox on the /diag.html page, but the same option is presented in the normal admin console by going to the "Network" area and selecting "Zones," then clicking the config (pencil/paper icon) next to the LAN and WAN interfaces, and unchecking the "Enforce content filtering service" checkbox and committing changes. The end result is the same, and Safari users will love you (and will love YOU by extension ;-) ).

also this

"When CFS is enabled, the device performs additional processing and searches the host tags in HTTP headers. At times, HTTP requests may be spread across several packets with the host tag appearing in a later packet. The host tag search algorithm can encounter a problem if this happens unless this checkbox is disabled. This checkbox should be turned off if the following message in the log is seen: HTTP method detected. Examine stream for host header."



Figure 1 - Advanced setting that makes life better for Safari.

Now, I never did receive that message in the log, but this made sense. Going back and looking at the packet trace, I could see that Safari tended to split up long URLs across packets where other browsers do not, which makes the Sonicwall CFS engine flip out. Here's the bizarre thing: I never use CFS! It's a separate license, and it's not enabled on any Sonicwall I touch. None-the-less, the CFS engine seems to always be engaged.

This is confirmed on SonicOS Enhanced 4.0.0.1-49e, and noted missing on SonicOS 2.x, so, your results may vary.

Strangely, I found nothing about this in any of my searches, even though people - other tech types - have asked me about it. Hope this helps someone out there!



Any other ideas

Thanks

Matt
0
Comment
Question by:pedcom
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:wshty
ID: 38859101
so, to summarize this:

- you have no problems with browsing the web on servers (same LAN segment/Switch as the Clients).
- you have no problems on all clients using firefox or chrome
- you have problems on SOME clients, when browsing a site on IE (eg. bbc.co.uk)

is this correct?

then let me ask this: why do you believe that this is a sonicwall issue?

to me it totally sounds like a client problem (maybe a certain GPO, or internet settings on windows explorer?)

regards
0
 

Author Comment

by:pedcom
ID: 38859137
Not saying it is purely a sonicwall issue....

The Sonicwall is the only thing that has changed recently and some client's starting complaining after it went in......slow internet and not displaying all websites.

also in the body of my question 2 people had similar issue's and fixed it by doing what they said on the sonicwall.

Agree could be internet explorer settings....have noticed the IT manager has recently installed an add-in for Iris Document Management system.....however when disable addins and reset explorer settings to default it is still no good.


Cheers

Matt
0
 
LVL 5

Expert Comment

by:wshty
ID: 38859157
hmm okay,

so do you see anything out of the ordinary if you sniff the blocked connection with the built in packet monitor and forcing the error again on the client so it shows up on the monitor?

regards
0
 

Accepted Solution

by:
pedcom earned 0 total points
ID: 38863098
Noticed there was an MTU size setting on the WAN link which was different to the MTU size on the dlink ADSL modem.

Changed sonicwall to match the Dlink MTU size and hey presto internet explorer gets to the problem websites on the client PC's.
0
 

Author Closing Comment

by:pedcom
ID: 38875518
Ii fixed the problem
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This program is used to assist in finding and resolving common problems with wireless connections.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question