Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hello all,
I have the following scenario: my internal users need to access an pop3/smtp server to send and receive e-mails. I have a rule allowing pop3/smtp from internal to external. Sometimes they canīt send e-mail and ISA logs the following message: 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED. I was capturing those packets and some of them appears the following message: This frame is a (suspected) retransmission.
Anybody have any ideas what it could be? Is there anyway to disable this ISA functionallity?
Yes! That certainly could be the problem. If it's hanging around 97% most of the time, there are going to be a good percentage of times that it's at 100% and some connections are going to be dropped.
Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Tom,
I was thinking about that too. And only for test I disabled the anti-spoofing feature for a couple of days and even with the link at 97% most of the time, we could experience a good improvement in sending e-mail. What do you think about that?
Posts: 321
Joined: 10.Oct.2006
From: MICHIGAN, US
Status: offline
Just a little note... I would also try to see if you can figure out what that traffic is to see if there is anything you can get rid of...expecially if it is malicious. GFI Webmonitor would help with controlling malicious traffic as well as some of the liesure sites during business hours. You might try FairShare for ISA or a third-party packet-shaping appliance as well. Just thoughts of course.