Windows Advisor

Internet Impeded by ISA Server Firewall

A reader wants to speed up Internet behind and in front of the firewall.

Q. We're experiencing unusually slow access to the Internet with client computers behind an ISA Server firewall. The problem isn't related to the browser, as we use both Internet Explorer and Firefox. If we connect a computer to the Internet outside the firewall, we get very fast access. How can I speed up access?

A. There's a known issue with ISA Server 2004 and 2006. When the ISA Server tries to resolve the name of an external Web site requested by internal clients to an IP address, it runs into problems because the internal DNS server is unable to resolve external DNS names. The result: excruciatingly long delays. In fact, many times the users have to constantly refresh the browser to view the Web pages because it won't display them on the first try.

Microsoft offers a solution in Knowledge Base article 839510 in the form of some Visual Basic Scripting Edition code that disables name resolution for the ISA Server routing rules. Hopefully that should solve your problem. Remember to restart the firewall service for the changes to take effect.

As a best practice, you should always back up your ISA Server configuration before making any changes, in case you need to restore a previous configuration.

If this doesn't solve your problem, look at how your DNS is forwarding requests. If your internal DNS forwards requests on behalf of all other domains to the ISA Server, which in turn forwards them to your ISP's DNS server, then try configuring your internal DNS server so that it forwards requests for external domains directly to your ISP's DNS servers. That should make a big difference in terms of speeding up Internet access for your internal clients. As suggested in the KB article, your internal DNS server will then be able to resolve external DNS names.

About the Author

Zubair Alexander, MCSE, MCT, MCSA and Microsoft MVP is the founder of SeattlePro Enterprises, an IT training and consulting business. His experience covers a wide range of spectrum: trainer, consultant, systems administrator, security architect, network engineer, author, technical editor, college instructor and public speaker. Zubair holds more than 25 technical certifications and Bachelor of Science degrees in Aeronautics & Astronautics Engineering, Mathematics and Computer Information Systems. His Web site, www.techgalaxy.net, is dedicated to technical resources for IT professionals. Zubair may be reached at alexander@techgalaxy.net.

Featured

  • Exchange Server June Cumulative Updates Arrive, but with Red Tape

    Microsoft released its quarterly cumulative updates (CUs) for Exchange Server 2013, 2016 and 2019 products this week, but added an extra step for IT pros to consider before installing them.

  • Moving an Old VM to a New Hyper-V Host

    So you want to know whether a Hyper-V virtual machine built on a legacy host will be supported by a newer server? There's a PowerShell command for that.

  • AI-Driven Solution Tracks Packets Through the Datacenter

    Datacenter solutions vendor Kaloom this week unveiled a new offering the company says will enable the development of "self-driving" datacenter networks.

  • Microsoft Previews Azure Bastion Service for Private VM Access

    Microsoft on Tuesday announced a preview of the Azure Bastion service, which lets a user connect to an Azure virtual machine (VM) using a private Internet connection.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.