Go Premium for a chance to win a PS4. Enter to Win


problem browsing websites

Posted on 2013-06-14
Medium Priority
Last Modified: 2013-06-14
This is a stange one to me. Unfortunately I have limited access to troubleshoot.
Recently a client switched to a hosted office/restaurant/country club solution for their business.
All work is done via terminal services so the provider installed a firebox firewall to create a vpn tunnel from the site to their server. The local network stayed the same except now all internet traffic goes through the firebox. This includes phones and internet.

Yesterday I got a call from one of the office workers. She was having trouble browsing the internet. "Internet explorer cannot display the web page". I was able to connect via logmein and troubleshoot. When I looked I couldn't connect to her home page, but could to other pages.

Tracert gets there in 17 hops. Browsing is the problem.

to troubleshoot I changed to static ip on the local network and changed dns from the dns on the pdc to be the dns provided by the hosting provider, consolidated.  I also changed it to Comcast DNS but had the same problem.

I also took my laptop and plugged it into a separate port on the firebox that is configured for public access to the internet. Typically the only thing plugged into it is an access point that wifi users connect to. That port is configured as a dhcp server. It assigns consolidated's dns server. I couldn't browse the internet.

What makes it stranger is that different computers have access to different websites.

Just now I've been testing with one machine, it could ping yahoo.com but not browse to it.
After a successful tracert, yahoo.com popped up.

trying to go to cnn.com a bing search pops up, I click the link to www.cnn.com and get "Internet explorer cannot display the web page". Well at least that's what happened last time. This time the page comes up.

I would normally think this was a simple dns issue but not since the behavior continued after assigning the isp dns server. Very intermittent. At this moment everything appears to be working on the machine I'm connected to.

Makes me wonder if bandwidth is an issue and if Qos policies for the phones are the cause of the browsing issues.

Any suggestions?
Question by:bwierzbicki
  • 2
  • 2

Accepted Solution

TechOps07 earned 2000 total points
ID: 39247737
I would look at the firewall settings and configuration. It seems to me that possible that is where the issue lies.

Some machines are able to access X site but others cannot access X site is basically what I am understanding. So my thought is possibly some type of groups or ACLs are setup for specific IPs or something along those lines.

Is there any way you can bypass the Firebox firewall to test that theory out? If it works than you know that is where the problem is.

Good Luck!

Expert Comment

by:Christopher Raymond Mendoza
ID: 39247853
Hello bwierzbicki,

If I understand correctly, using a single computer you were unable to access to yahoo then after a while (a few seconds i presume) accessed it successfully?

If so, and given the other symptoms you described above, you might be faced with a problem similar to that of my client more than a year ago. In their case, the load (CPU and memory) of the firewall was too big, it choked, resulting to intermittent connections. We had to reset, redesign and streamline firewall rules. The other option, of course, was to replace it with a bigger capacity firewall.

I hope this helps.


Author Comment

ID: 39248350
so what i've discovered is if I setup using a static ip and point dns to use a DNS server I have on site some names get resolved. I'm guessing the ones that resolve are in that DNS servers cache. The ones it cant resolve, it to fails, probably for the same reason clients that pickup ip info (including the ISP dns) fail to resolve any names.

I have made contact with the people that manage the firebox and they will be getting back with me.

Thanks for your reply techops

Author Closing Comment

ID: 39248510
it was in the firewall. Apparently the ISP's DNS servers were port scanning the firebox so the firebox locked it out. They made an exception and all is well.

Thanks again.

Expert Comment

ID: 39248991
NP, glad it got you in the right direction for the resolution.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
The article lists top benefits which gaming industry bestows with the assistance of cloud computing technology.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question