A client of mine must get his broadband connection via DSL from a particular ISP (whose staff, I'll say at the start, have been unfailingly pleasant to deal with but who admit to having no idea what's wrong).
The client wants a stateful packet inspection (hereinafter STPI) firewall rather than a simple NAT box, and we have tried two: the SOHOware NBG800 and the NetGear FR314. The SOHOware unit was knocked out due (the ISP says) to an incompatible and non-adjustable MTU. The NetGear unit almost works, and that's where it gets interesting.

The problem in a nutshell: With the firewall in place, some web sites won't load, or rather load so slowly that something times out before they complete. With the DSL modem connected directly to the client's PC, the sites load fine. It seems that either the NetGear box has a subtle routing problem that occurs only when it is hooked to a PPPoE ISP, or the ISP has a subtle problem, perhaps with STPI firewalls, that they can't figure out.

The details: FWIW, I have tried both IE5x and Netscape 4.7x browsers. A few sites are marginal, and work intermittently with the firewall in place. (DSLreports, for example.) A perfect example of the problem is found in the ISP/phone company's own web pages. www.acsalaska.com comes up fine, but (with the firewall in place) www.acsalaska.net does not.

FWIW, I can ping sites that allow it to my heart's content, regardless of whether the firewall is in place or not. The reply times were in line with what I expect up here. This problem has been reproduced during three site visits on different days.

The ISP's and NetGear's techs thought there was something wrong with the firewall itself. So I used the unit in my own network, which uses a cable modem (non-PPPoE) for Internet access, and had no problem with it.

The only router/firewall supported by this ISP is a Nexland NAT-only unit. One ISP tech said SonicWALL's firewalls will not work with their service, but couldn't say why. That last piece of information is my only lead, as I hear rumor that the FR314's firmware is licensed from SonicWALL.
I know of other STPI firewalls in the under-$200 range, but I want to have some idea of what's wrong before the client buys another one.

Well, I've tried to keep all this short, and I apologize for failing. Does this problem ring any bells?

-Lauren

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls