Solved

problem browsing websites

Posted on 2013-06-14
5
427 Views
Last Modified: 2013-06-14
This is a stange one to me. Unfortunately I have limited access to troubleshoot.
Recently a client switched to a hosted office/restaurant/country club solution for their business.
All work is done via terminal services so the provider installed a firebox firewall to create a vpn tunnel from the site to their server. The local network stayed the same except now all internet traffic goes through the firebox. This includes phones and internet.

Yesterday I got a call from one of the office workers. She was having trouble browsing the internet. "Internet explorer cannot display the web page". I was able to connect via logmein and troubleshoot. When I looked I couldn't connect to her home page, but could to other pages.

Tracert gets there in 17 hops. Browsing is the problem.

to troubleshoot I changed to static ip on the local network and changed dns from the dns on the pdc to be the dns provided by the hosting provider, consolidated.  I also changed it to Comcast DNS but had the same problem.

I also took my laptop and plugged it into a separate port on the firebox that is configured for public access to the internet. Typically the only thing plugged into it is an access point that wifi users connect to. That port is configured as a dhcp server. It assigns consolidated's dns server. I couldn't browse the internet.

What makes it stranger is that different computers have access to different websites.

Just now I've been testing with one machine, it could ping yahoo.com but not browse to it.
After a successful tracert, yahoo.com popped up.

trying to go to cnn.com a bing search pops up, I click the link to www.cnn.com and get "Internet explorer cannot display the web page". Well at least that's what happened last time. This time the page comes up.

I would normally think this was a simple dns issue but not since the behavior continued after assigning the isp dns server. Very intermittent. At this moment everything appears to be working on the machine I'm connected to.

Makes me wonder if bandwidth is an issue and if Qos policies for the phones are the cause of the browsing issues.

Any suggestions?
0
Comment
Question by:bwierzbicki
  • 2
  • 2
5 Comments
 
LVL 4

Accepted Solution

by:
TechOps07 earned 500 total points
ID: 39247737
I would look at the firewall settings and configuration. It seems to me that possible that is where the issue lies.

Some machines are able to access X site but others cannot access X site is basically what I am understanding. So my thought is possibly some type of groups or ACLs are setup for specific IPs or something along those lines.

Is there any way you can bypass the Firebox firewall to test that theory out? If it works than you know that is where the problem is.

Good Luck!
0
 
LVL 4

Expert Comment

by:Christopher Raymond Mendoza
ID: 39247853
Hello bwierzbicki,

If I understand correctly, using a single computer you were unable to access to yahoo then after a while (a few seconds i presume) accessed it successfully?

If so, and given the other symptoms you described above, you might be faced with a problem similar to that of my client more than a year ago. In their case, the load (CPU and memory) of the firewall was too big, it choked, resulting to intermittent connections. We had to reset, redesign and streamline firewall rules. The other option, of course, was to replace it with a bigger capacity firewall.

I hope this helps.

Regards,
0
 

Author Comment

by:bwierzbicki
ID: 39248350
so what i've discovered is if I setup using a static ip and point dns to use a DNS server I have on site some names get resolved. I'm guessing the ones that resolve are in that DNS servers cache. The ones it cant resolve, it to fails, probably for the same reason clients that pickup ip info (including the ISP dns) fail to resolve any names.

I have made contact with the people that manage the firebox and they will be getting back with me.

Thanks for your reply techops
0
 

Author Closing Comment

by:bwierzbicki
ID: 39248510
it was in the firewall. Apparently the ISP's DNS servers were port scanning the firebox so the firebox locked it out. They made an exception and all is well.

Thanks again.
0
 
LVL 4

Expert Comment

by:TechOps07
ID: 39248991
NP, glad it got you in the right direction for the resolution.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

For cloud, the “train has left the station” and in the Microsoft ERP & CRM world, that means the next generation of enterprise software from Microsoft is here: Dynamics 365 is Microsoft’s new integrated business solution that unifies CRM and ERP fun…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question