Hello everybody,
I have a problem on my network. Sometimes, when a user opens an Internet website he notices a reduction in speed. It’s principally the case when the website does additional transfer from Google, for example from Google Analytics. But this problem is not
systematic so it’s difficult to give you more information. Sometimes it can be very difficult to access a website and ten minutes later we can go on the same website without noticing any reduction in speed.
I do several analysis from the Forefront TMG 2010, and every time we have that loss of speed the TMG records this event :
Denied Connection SRV-TMG2008 11/02/2014 10:29:37
Log type: Firewall service
Status: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer.
Rule: None - see Result Code
Source: Internal (10.4.120.16:51786)
Destination: External (213.152.1.81.static.not.updated.as8218.eu 213.152.1.81:443)
Protocol: HTTPS
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 10.4.120.16
This message only concerns the port 443. There is no problem with all the other ports. I understand the “3 ways handshake”, but I wonder why do I have this problem when a request in concerned by the HTTPS protocol… I make several researches on the subject,
but I didn’t find the answer to my problem… On top of that, I am pretty a newbie in networks. I will give you some additional information.
The TMG in installed as the “door” of the network. It checks all the input and output traffic and plays the role of a proxy. Every byte of data coming from the network passes through the TMG. Every byte of date coming from the external passes through the TMG.
The HTTPS inspection is not enabled and the network administrator doesn’t want to enable it, because it can causes problems with some of the software used by the employees.
All the computers of the network have the IP address of the TMG as a default gateway. But the latter itself has no default gateway except the link toward the Internet Provider. So the TMG has no gateway for the LAN and PPP interfaces.
All the users’ sessions are “remote desktop” sessions from a thin client to a Windows 2008R2 server… yes, the employees work on a 2008R2 session, without any administrator’s rights of course. The problem appears on the thin clients, but also on “classic” computers
with a local session. The reduction in speed appears in Internet Explorer and in Mozilla Firefox. I don’t know if it’s the same problem with other navigators. But we have another problem on Firefox : if we browse pictures and then we do a refresh of the page
(ctrl + F5), the result page will freeze, only show some images, up to ten, and the scrolling bar will disappear. When we do an analysis of this phenomenon on the TMG, the error quoted above appears many ten of times.
I have no idea how to solve this problem…if you have any suggestion, I will read them carefully !
I will also apologize for all the mistakes I made in this message. I’m French and I’m not really good in practicing foreign languages.
Thank you in advance for your answers, and have a nice day !
Lysle