I had recently been working on an issue which I thought might interest other people that have a similar problem.
Following a new implementation we had been experiencing issues access Hotmail mailboxes and issues with replying/forwarding messages using Yahoo mail.
The client had a SonicWall 3060 as the edge firewall and ISA 2004 with SP2 (with KB916106 applied) as back firewall. When configured to surf directly through the SonicWall the above websites functioned 100%, but proxying through ISA gave us the following error:
Network Access Message: The page cannot be displayed
Explanation: The request timed out before the page could be retrieved.
Try the following:
Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion. Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped. Access from a link: If there is a link to the page you are looking for, try accessing the page from that link. Contact website: You may want to contact the website administrator to make sure the Web page still exists. You can do this by using the e-mail address or phone number listed on the website home page.
If you are still unable to view the requested page, try contacting your administrator or Helpdesk.
Technical Information (for support personnel)
Error Code 64: Host not available Background: The gateway or proxy server lost connection to the Web server. Date: 9/11/2006 4:57:06 AM Server: servername Source: Remote server
Initially believing that this issue was an ISA related problem i then connected the ISA directly to the internet connection (no SonicWall as edge) only to find that Hotmail worked 100%... In other words the SonicWall was doing something wrong once the ISA was proxying the request.
Doing a couple of searches I came up with the following article on the SonicWall page referring to issues accessing Hotmail and some other websites.
SonicWALL: Now, based on what you told me I understand that:
You want help with Content Filtering.
You want help with Content Filter Service (Standard or Premium).
You are unable to access Hotmail and some other sites with Content Filtering Service (CFS) enabled.
SonicWALL: This issue occurs when CFS is enabled on the SonicWALL and is then configured to use an external Web Proxy Server which does not comply with TCP RFC 1323. Upgrading to 126.96.36.199 Enhanced may resolve this problem. If the issue persists, follow these additional steps:
Access the hidden diag.html page.
Click Internal Settings.
Deactivate the 'Enforce Host Tag Search with for CFS' check box.
Click Apply then Close to save the change and return to the regular management interface.
And yes you guessed it, once we had disabled the security feature on the SonicWall article the Hotmail and Yahoo access suddenly started working. The firewall was already running a higher build than the proposed 188.8.131.52 so disabling was the only fix.
As this is a hidden setting I have not been able to get any documentation explaining what the feature does exactly, but it has something to do with the Content Filtering System built into the SonicWall firewall. It also only affects certain websites (in this case Hotmail) and only when using ISA as a proxy server.
Once I get an answer from the support I will post the functionality and what happens when this feature is disabled.
I found a couple of forum articles where other people had similar issues using Squid proxies and SonicWall and it might be related.
Hope this helps you guys somewhere,
< Message edited by GerhardC -- 12.Sep.2006 4:34:34 AM >
Thank you sir, this proved to resolve the same issue we were experiencing. We have a SonicWALL 4060 running enhanced firmware with ISA2004sp2 behind it. We saw similar behaviour last year that affected traffic to many sites, however this time we only had problems with hotmail. That CFS is great stuff but can prove troublesome at times.