I'm receiving a number of errors in the TMG log as:
None - see Result Code 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED
This comes along with very spotty internet browsing from internal clients. I have a split-DNS infrastructure; the DNS server in the DMZ is my public DNS. Prior to this error and noticing spotty internet, I made changes to my DNS as I thought that was the culprit, but the above issue remains the same. If I reboot the TMG server, the internet browsing is excellent for about 5 - 10 minutes, then falls on its face. Stopping, refreshing, and multiple clicking on web links eventually gets there, but it's quite annoying.
A post I came across seemed to relate to the VLAN routing. The TMG INT LAN IP address is on the same VLAN as all my internal clients, connected to a Cisco 3750G switch. I remember having this same setup years ago when I used ISA 2006. I do not have any ip default-gateway IP set on the switch. Any ideas on whether I should make a change, or how to resolve this error and the internet surfing?
My Configuration:
I have 2 Cisco 3750G core switches in 2 separate rooms. They are connected by a trunk port. I have a number of VLANs as follows:
VLAN10 (Internal LAN) int ip 10.0.10.2
VLAN9 (DMz) int ip 192.168.0.2
VLAN20 (iSCSI) int ip 10.0.20.2
VLAN30 (vMotion) int ip 10.0.30.2
Inter-VLAN routing is OK; systems from 1 VLAN can ping systems in another VLAN no problem. The TMG has a 3-NIC setup: DMZ IP 192.168.0.9, INT_LAN IP 10.0.10.1, Ext IP x.x.x.x.
All of the internal LAN servers and workstations use the TMG IP as their gateway. As suggested in a post I read, should I modify the Cisco switch to include a default gateway of the TMG IP (10.0.10.1) and configure all of the clients connected to the switch to use the VLAN interface IP of 10.0.10.2? Should I add a static route? Should I add a default-gateway on the configuration of the switch? Any assistance or suggestions would be appreciated. Thanks.
-SK
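TMG logs 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED when it receives a TCP segment that is not a SYN for a connection it holds no state for, which is exactly what happens when only one direction of a flow passes through it, i.e. the asymmetric-routing scenario the post raises. The following triage script is an added example, not part of the original post or of TMG: it groups the drops by the VLAN subnets given in the post and separates pairs where both ends are on switch-routed VLANs (where the switch could return traffic around TMG) from pairs involving external hosts. The /24 masks, the tab-separated log layout and the sample entries are constructed assumptions; a real TMG W3C export has more columns and must be mapped first.

```python
import ipaddress
from collections import Counter

# Subnets derived from the post's VLAN interface addresses; /24 masks are assumed.
NETWORKS = {
    "VLAN10-internal": ipaddress.ip_network("10.0.10.0/24"),
    "VLAN9-DMZ": ipaddress.ip_network("192.168.0.0/24"),
    "VLAN20-iSCSI": ipaddress.ip_network("10.0.20.0/24"),
    "VLAN30-vMotion": ipaddress.ip_network("10.0.30.0/24"),
}
NOT_SYN = "0xc0040017"  # FWX_E_TCP_NOT_SYN_PACKET_DROPPED

def classify(ip):
    """Name the VLAN an address belongs to, or 'external' if it is on none of them."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETWORKS.items():
        if addr in net:
            return name
    return "external"

def parse_line(line):
    # Constructed simplified layout: client_ip, dest_ip, dest_port, result_code (tab-separated).
    src, dst, port, code = line.rstrip("\n").split("\t")
    return {"src": src, "dst": dst, "port": int(port), "code": code}

def summarize_not_syn(lines):
    """Count NOT_SYN drops per (source network, destination network) pair."""
    counts = Counter()
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["code"] == NOT_SYN:
            counts[(classify(rec["src"]), classify(rec["dst"]))] += 1
    return counts

def asymmetric_suspects(counts):
    """Pairs with both ends on VLANs the core switches route directly; drops concentrated
    here point at a return path that bypasses TMG rather than at an upstream problem."""
    return {pair: n for pair, n in counts.items() if "external" not in pair}

SAMPLE_LOG = [  # constructed sample entries, not real TMG output
    "10.0.10.50\t192.168.0.20\t53\t0xc0040017",
    "10.0.10.51\t192.168.0.20\t53\t0xc0040017",
    "10.0.10.50\t192.168.0.20\t53\t0xc0040017",
    "10.0.10.52\t203.0.113.10\t80\t0x0",
    "10.0.10.52\t203.0.113.10\t80\t0xc0040017",
]

if __name__ == "__main__":
    counts = summarize_not_syn(SAMPLE_LOG)
    for (src_net, dst_net), n in counts.most_common():
        print(f"{src_net} -> {dst_net}: {n} NOT_SYN drops")
    print("asymmetric-routing suspects:", asymmetric_suspects(counts))
```

If the internal-to-DMZ pair dominates while internal-to-external drops are rare, the DMZ replies are most likely reaching the clients through the switch's inter-VLAN routing instead of back through TMG.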