Internet Impeded by ISA Server Firewall
A reader wants to speed up Internet behind and in front of the firewall.
We're experiencing unusually slow access to the Internet with client computers behind an ISA Server firewall. The problem isn't related to the browser, as we use both Internet Explorer and Firefox. If we connect a computer to the Internet outside the firewall, we get very fast access. How can I speed up access?
A. There's a known issue with ISA Server 2004 and 2006. When the ISA Server tries to resolve the name of an external Web site requested by internal clients to an IP address, it runs into problems because the internal DNS server is unable to resolve external DNS names. The result: excruciatingly long delays. In fact, many times the users have to constantly refresh the browser to view the Web pages because it won't display them on the first try.
Microsoft offers a solution in Knowledge Base article 839510 in the form of some Visual Basic Scripting Edition code that disables name resolution for the ISA Server routing rules. Hopefully that should solve your problem. Remember to restart the firewall service for the changes to take effect.
As a best practice, you should always back up your ISA Server configuration before making any changes, in case you need to restore a previous configuration.
If this doesn't solve your problem, look at how your DNS is forwarding requests. If your internal DNS forwards requests on behalf of all other domains to the ISA Server, which in turn forwards them to your ISP's DNS server, then try configuring your internal DNS server so that it forwards requests for external domains directly to your ISP's DNS servers. That should make a big difference in terms of speeding up Internet access for your internal clients. As suggested in the KB article, your internal DNS server will then be able to resolve external DNS names.
Zubair Alexander, MCSE, MCT, MCSA and Microsoft MVP is the founder of SeattlePro Enterprises, an IT training and consulting business. His experience covers a wide range of spectrum: trainer, consultant, systems administrator, security architect, network engineer, author, technical editor, college instructor and public speaker. Zubair holds more than 25 technical certifications and Bachelor of Science degrees in Aeronautics & Astronautics Engineering, Mathematics and Computer Information Systems. His Web site, www.techgalaxy.net, is dedicated to technical resources for IT professionals. Zubair may be reached at firstname.lastname@example.org.