Hi, this has been happening for a while on one of our sites. First, here's an overview of our setup
The problem is happening on clients of the 12.x subnet. Randomly, some clients can't browse internet sites. It happens for 30min-1h and then comes back by itself.
- Doesn't seem to be a routing issue as when the problem is happening I can still ping internet IPs
- Doesn't seem to be DNS related as I can resolve LAN and WAN DNS names from the problematic machine
- I also looked at my 3 DNS servers and A records are correct with the correct IP for the client PC
- Browsing web sites on LAN is working fine
- The problem NEVER happened on the other site (subnet 8.x)
- When it's happening it's only to 1, 2 or 3 clients and all others of the same subnet are working perfectly
In the TMG log, we can see traffic between the client and TMG but with "SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer." errors. As soon as the client PC becomes alive again, the log doesn't show these "non-SYN" errors again.