SonicWall TZ215 Client PC's using internet explorer not getting some websites....firefox OK.
Posted on 2013-02-06
Have recently installed above sonic wall.
2 LAN segments routing between then ok for RDP to different servers on different subnets.
Certain users can not display web pages i.e. bbc.co.uk when using internet explorer.
Firefox and other browsers seems ok.
Checked DNS and tracert and all looks ok.
3 servers connected to same switch on the same segment where the client PC's are located work fine through internet explorer with different version of IE also.
Did this below but still no good.......
You are beyond great. Your post pointed us in the right direction--the most recent iteration of the SonicWall Enhanced OS that we have does not have the "Enforce Host Tag Search for CFS" checkbox on the /diag.html page, but the same option is presented in the normal admin console by going to the "Network" area and selecting "Zones," then clicking the config (pencil/paper icon) next to the LAN and WAN interfaces, and unchecking the "Enforce content filtering service" checkbox and committing changes. The end result is the same, and Safari users will love you (and will love YOU by extension ;-) ).
"When CFS is enabled, the device performs additional processing and searches the host tags in HTTP headers. At times, HTTP requests may be spread across several packets with the host tag appearing in a later packet. The host tag search algorithm can encounter a problem if this happens unless this checkbox is disabled. This checkbox should be turned off if the following message in the log is seen: HTTP method detected. Examine stream for host header."
Figure 1 - Advanced setting that makes life better for Safari.
Now, I never did receive that message in the log, but this made sense. Going back and looking at the packet trace, I could see that Safari tended to split up long URLs across packets where other browsers do not, which makes the Sonicwall CFS engine flip out. Here's the bizarre thing: I never use CFS! It's a separate license, and it's not enabled on any Sonicwall I touch. None-the-less, the CFS engine seems to always be engaged.
This is confirmed on SonicOS Enhanced 188.8.131.52-49e, and noted missing on SonicOS 2.x, so, your results may vary.
Strangely, I found nothing about this in any of my searches, even though people - other tech types - have asked me about it. Hope this helps someone out there!
Any other ideas