Very slow access to one domain (Full Version)

All Forums >> [ISA Server 2000 General] >> General


JW -> Very slow access to one domain (21.Nov.2006 11:09:27 AM)

I have ISA 2000 w/SP2 installed on a W2K SP4 server, which is also a DC (and running DNS and RAS).  I'm only using it as a web proxy (caching and firewall services are disabled), as I have a Check Point firewall to handle that.

We have major problems accessing the FedEx web sites.  Accessing both regular and secure pages is painfully slow.  We originally had * and in our list of allowed domains.  I have since changed that to 199.81.*.*, because it seems to perform better when using the IP instead of the domain name in the address, but that step alone did not help.  So it appears to be a DNS problem.  I added an entry to the HOSTS file on the ISA server for FedEx, which had no effect (ditto on the clients).  It is slow both on the server itself, with the proxy settings enabled, and on any client using the proxy.  It also does not matter if I use the proxy's address as the gateway or the firewall's address.  As long as the browser is configured to use the proxy, the site crawls.

If I bypass the proxy and go straight to the Check Point, the pages will display almost instantly.  This does not happen with any other domains we regularly visit.  FedEx has been no help other than telling us to open ports 80 and 443 (gee, thanks for the tip).  Sometimes clearing the browser's cookies and temp files will help, but not always.

The server is a Dell PowerEdge 2450 with a single 1 GHz processor and has 2 GB RAM and over 90 GB free hard disk space, and has a single 10/100 NIC.  Other than being a DC and running DNS and RAS, the only thing I have on it is GFI's WebMonitor.  I've already been through the very short list of ISA performance tuning tips in Microsoft's KB.  Access to any other site is at least adequate, if not fast.  Any ideas?

Page: [1]