I had a similar issue with my firewall in the past couple of weeks. The base issue *looked* like DNS problems, and they were, sorta...
We found that the real issue was a state table on the firewall, limiting UDP sessions. It was set at a max of 2500, and when I looked at the table, it was sitting at 2499 or 2500 for extended periods of time. So, I doubled the limit, monitored it for a while, then found it was hovering between 4500 and 5000 quite a bit, so doubled it again to 10000. The timeout for sessions was also set to 300 seconds, and I turned that down to 60 seconds. Those actions cleared my problem - don't know if it's the same issue for you, but it might be worth looking at. On Fri, May 27, 2011 at 09:34, Level 5 Lists <[email protected]> wrote: > I have a client with a t1 and cable as a backup for about 50 users and 9 > servers. > > > > The past week their internet became amazingly slow, we pulled opendns out, > we pulled the proxy filter out and still same thing. > > > > Reviewing onsite it seems like when we goto a webpage we get a lot of > website found waiting for reply for several seconds. > > > > I switched gateways between t1 and cable and seemed to have no effect. You > eventually get there, but I cant seem to pinpoint whats causing it. > > > > We tried removing the opendns forwarders, then no forwarders, then some > forwarders to some public DNS servers. Always the same thing. > > > > Internally dns seems fine, no errors, ad replication is functioning okay etc > etc .. Kind of at a loss as to where to look next. > > > > Speedtest/pingtest are showing speeds as expected on both connections, > latency everything there seems pretty normal (16dn/6up on cable, A rating on > pingtest) > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
