I hear a lot of people complain about intermittent performance issues with the ISA Firewall. They claim that they install the ISA Firewall and everything is fine, but then, without any rhyme or reason, the Internet connection slows to a crawl and pages take “forever” to load.
I believe these folks when they say the Internet link is slow, as I’ve seen intermittent slowdowns many times myself. If these network performance issues persist, then you’re going to need to do some troubleshooting. When troubleshooting network performance issues with the ISA Firewall, you must begin with one basic Law of Networking:
IN 99.987% OF THE CASES, THE ISA FIREWALL IS NOT THE CAUSE OF THE PROBLEM
When you begin with that tenet firmly placed in your mind, you can begin your network troubleshooting tasks.
This week I had my own network performance issue. My office has a 15Mbps FiOS line, so I expect Web pages to pop up pretty quickly, since there are only two of us in the office. The ISA Firewall is configured correctly and the clients are configured to use the autoconfiguration script, so optimal performance has always been the case and there haven’t been any problems for months.
So, what did I do?
- Run tracert to several common sites. Nothing really useful there. No blackhole routers or routing loops detected
- Run pathping. Again, no delays found between any of the hops
- Check the ISA Firewall Alerts section to see if I was being flooded from internal or external resources. As expected, there was nothing there, since I didn’t see any delays in the first or second inquiries
- Run Netmon to confirm that no DoS situation was extant. Confirmed that there was no DoS issue.
- Turned off BitTorrent, which I thought might be putting the NAT device in front of the ISA Firewall under too much “stress”
- Checked the ISA Firewall performance console to see the latency for page downloads. Nothing interesting here as page downloads were only taking 100-200ms.
Nothing really interesting turned up in these investigations, so I suffered through a couple of days of poor performance and started troubleshooting again. This time, for some reason, I started up Firefox (I typically use only IE, since I realize that Firefox has its own issues and I don’t buy into the Leo Laporte alarmism that many people do regarding IE). Firefox wasn’t any faster, but I did notice that in the status bar of the browser, it showed “connecting to www.tacteam.net”. I wasn’t going to www.tacteam.net, but I do forward denied requests to that FQDN.
This gave me an idea. I went to www.drudgereport.com and it was very slow in loading. I then checked the Source information on the page that wasn’t loading and found that the source contained text that had not appeared on the page yet. This showed me that most of the page was downloaded, but that the browser was waiting for something in order to complete rendering the page.
My guess was that it was waiting for www.tacteam.net. I checked the server status for www.tacteam.net and indeed, the Web site was down. The server restarted itself after a recent update and the restart hung up. I rebooted the Web server again, and then checked performance. Bingo! Pages loaded up again as fast as they used to.
So, the next time you’re running into Web page performance issues, check to see that the site that you’re redirecting Web requests to is online and performing properly.
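
The closing check can be scripted. The Python probe below is an added example, not part of the original post: it tells a redirect target that answers apart from one that refuses connections and from one that accepts and then goes silent, which is the case that leaves browsers waiting. The function name, port and timeout values are assumptions, and the demo listener is constructed locally to stand in for a Web server hung mid-restart.

```python
import socket
import time


def probe_redirect_target(host, port=80, timeout=3.0, path="/"):
    """Classify the deny-redirect Web server as 'ok', 'hung' or 'down'.

    'hung' is the case that stalls browsers: the connect or the HTTP request
    gets no answer, so every redirected request waits out a timeout.
    Returns (status, elapsed_seconds).
    """
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "hung", time.monotonic() - start   # no answer to the connect
    except OSError:
        return "down", time.monotonic() - start   # refused, unreachable, DNS failure
    try:
        with sock:
            request = f"HEAD {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            sock.sendall(request.encode("ascii"))
            reply = sock.recv(64)                 # the status line is enough
    except socket.timeout:
        return "hung", time.monotonic() - start   # accepted, then silence
    except OSError:
        return "down", time.monotonic() - start   # reset mid-request
    status = "ok" if reply.startswith(b"HTTP/") else "down"
    return status, time.monotonic() - start


if __name__ == "__main__":
    # Constructed demo: a local listener that never answers, standing in for
    # a Web server whose restart hung. Replace with your own redirect FQDN.
    stuck = socket.socket()
    stuck.bind(("127.0.0.1", 0))
    stuck.listen(1)
    print(probe_redirect_target("127.0.0.1", stuck.getsockname()[1], timeout=1.0))
```

Run it on a schedule against the FQDN that denied requests are forwarded to, and alert on anything other than `ok`.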