Solved

problem browsing websites

Posted on 2013-06-14
5
423 Views
Last Modified: 2013-06-14
This is a stange one to me. Unfortunately I have limited access to troubleshoot.
Recently a client switched to a hosted office/restaurant/country club solution for their business.
All work is done via terminal services so the provider installed a firebox firewall to create a vpn tunnel from the site to their server. The local network stayed the same except now all internet traffic goes through the firebox. This includes phones and internet.

Yesterday I got a call from one of the office workers. She was having trouble browsing the internet. "Internet explorer cannot display the web page". I was able to connect via logmein and troubleshoot. When I looked I couldn't connect to her home page, but could to other pages.

Tracert gets there in 17 hops. Browsing is the problem.

to troubleshoot I changed to static ip on the local network and changed dns from the dns on the pdc to be the dns provided by the hosting provider, consolidated.  I also changed it to Comcast DNS but had the same problem.

I also took my laptop and plugged it into a separate port on the firebox that is configured for public access to the internet. Typically the only thing plugged into it is an access point that wifi users connect to. That port is configured as a dhcp server. It assigns consolidated's dns server. I couldn't browse the internet.

What makes it stranger is that different computers have access to different websites.

Just now I've been testing with one machine, it could ping yahoo.com but not browse to it.
After a successful tracert, yahoo.com popped up.

trying to go to cnn.com a bing search pops up, I click the link to www.cnn.com and get "Internet explorer cannot display the web page". Well at least that's what happened last time. This time the page comes up.

I would normally think this was a simple dns issue but not since the behavior continued after assigning the isp dns server. Very intermittent. At this moment everything appears to be working on the machine I'm connected to.

Makes me wonder if bandwidth is an issue and if Qos policies for the phones are the cause of the browsing issues.

Any suggestions?
0
Comment
Question by:bwierzbicki
  • 2
  • 2
5 Comments
 
LVL 4

Accepted Solution

by:
TechOps07 earned 500 total points
ID: 39247737
I would look at the firewall settings and configuration. It seems to me that possible that is where the issue lies.

Some machines are able to access X site but others cannot access X site is basically what I am understanding. So my thought is possibly some type of groups or ACLs are setup for specific IPs or something along those lines.

Is there any way you can bypass the Firebox firewall to test that theory out? If it works than you know that is where the problem is.

Good Luck!
0
 
LVL 4

Expert Comment

by:Christopher Raymond Mendoza
ID: 39247853
Hello bwierzbicki,

If I understand correctly, using a single computer you were unable to access to yahoo then after a while (a few seconds i presume) accessed it successfully?

If so, and given the other symptoms you described above, you might be faced with a problem similar to that of my client more than a year ago. In their case, the load (CPU and memory) of the firewall was too big, it choked, resulting to intermittent connections. We had to reset, redesign and streamline firewall rules. The other option, of course, was to replace it with a bigger capacity firewall.

I hope this helps.

Regards,
0
 

Author Comment

by:bwierzbicki
ID: 39248350
so what i've discovered is if I setup using a static ip and point dns to use a DNS server I have on site some names get resolved. I'm guessing the ones that resolve are in that DNS servers cache. The ones it cant resolve, it to fails, probably for the same reason clients that pickup ip info (including the ISP dns) fail to resolve any names.

I have made contact with the people that manage the firebox and they will be getting back with me.

Thanks for your reply techops
0
 

Author Closing Comment

by:bwierzbicki
ID: 39248510
it was in the firewall. Apparently the ISP's DNS servers were port scanning the firebox so the firebox locked it out. They made an exception and all is well.

Thanks again.
0
 
LVL 4

Expert Comment

by:TechOps07
ID: 39248991
NP, glad it got you in the right direction for the resolution.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now