problem browsing websites
This is a stange one to me. Unfortunately I have limited access to troubleshoot.
Recently a client switched to a hosted office/restaurant/country club solution for their business.
All work is done via terminal services so the provider installed a firebox firewall to create a vpn tunnel from the site to their server. The local network stayed the same except now all internet traffic goes through the firebox. This includes phones and internet.
Yesterday I got a call from one of the office workers. She was having trouble browsing the internet. "Internet explorer cannot display the web page". I was able to connect via logmein and troubleshoot. When I looked I couldn't connect to her home page, but could to other pages.
Tracert gets there in 17 hops. Browsing is the problem.
to troubleshoot I changed to static ip on the local network and changed dns from the dns on the pdc to be the dns provided by the hosting provider, consolidated. I also changed it to Comcast DNS but had the same problem.
I also took my laptop and plugged it into a separate port on the firebox that is configured for public access to the internet. Typically the only thing plugged into it is an access point that wifi users connect to. That port is configured as a dhcp server. It assigns consolidated's dns server. I couldn't browse the internet.
What makes it stranger is that different computers have access to different websites.
Just now I've been testing with one machine, it could ping yahoo.com but not browse to it.
After a successful tracert, yahoo.com popped up.
trying to go to cnn.com a bing search pops up, I click the link to www.cnn.com and get "Internet explorer cannot display the web page". Well at least that's what happened last time. This time the page comes up.
I would normally think this was a simple dns issue but not since the behavior continued after assigning the isp dns server. Very intermittent. At this moment everything appears to be working on the machine I'm connected to.
Makes me wonder if bandwidth is an issue and if Qos policies for the phones are the cause of the browsing issues.
Any suggestions?
Recently a client switched to a hosted office/restaurant/country club solution for their business.
All work is done via terminal services so the provider installed a firebox firewall to create a vpn tunnel from the site to their server. The local network stayed the same except now all internet traffic goes through the firebox. This includes phones and internet.
Yesterday I got a call from one of the office workers. She was having trouble browsing the internet. "Internet explorer cannot display the web page". I was able to connect via logmein and troubleshoot. When I looked I couldn't connect to her home page, but could to other pages.
Tracert gets there in 17 hops. Browsing is the problem.
to troubleshoot I changed to static ip on the local network and changed dns from the dns on the pdc to be the dns provided by the hosting provider, consolidated. I also changed it to Comcast DNS but had the same problem.
I also took my laptop and plugged it into a separate port on the firebox that is configured for public access to the internet. Typically the only thing plugged into it is an access point that wifi users connect to. That port is configured as a dhcp server. It assigns consolidated's dns server. I couldn't browse the internet.
What makes it stranger is that different computers have access to different websites.
Just now I've been testing with one machine, it could ping yahoo.com but not browse to it.
After a successful tracert, yahoo.com popped up.
trying to go to cnn.com a bing search pops up, I click the link to www.cnn.com and get "Internet explorer cannot display the web page". Well at least that's what happened last time. This time the page comes up.
I would normally think this was a simple dns issue but not since the behavior continued after assigning the isp dns server. Very intermittent. At this moment everything appears to be working on the machine I'm connected to.
Makes me wonder if bandwidth is an issue and if Qos policies for the phones are the cause of the browsing issues.
Any suggestions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
so what i've discovered is if I setup using a static ip and point dns to use a DNS server I have on site some names get resolved. I'm guessing the ones that resolve are in that DNS servers cache. The ones it cant resolve, it to fails, probably for the same reason clients that pickup ip info (including the ISP dns) fail to resolve any names.
I have made contact with the people that manage the firebox and they will be getting back with me.
Thanks for your reply techops
I have made contact with the people that manage the firebox and they will be getting back with me.
Thanks for your reply techops
ASKER
it was in the firewall. Apparently the ISP's DNS servers were port scanning the firebox so the firebox locked it out. They made an exception and all is well.
Thanks again.
Thanks again.
NP, glad it got you in the right direction for the resolution.
If I understand correctly, using a single computer you were unable to access to yahoo then after a while (a few seconds i presume) accessed it successfully?
If so, and given the other symptoms you described above, you might be faced with a problem similar to that of my client more than a year ago. In their case, the load (CPU and memory) of the firewall was too big, it choked, resulting to intermittent connections. We had to reset, redesign and streamline firewall rules. The other option, of course, was to replace it with a bigger capacity firewall.
I hope this helps.
Regards,