Some secure pages take too long to load. Not all. Strange.

[r3dn3ck]

Greetings:

I'm troubleshooting an issue for a customer. We operate a web site that uses only secure pages and content. The application sends email to users when they have a task to complete. The link directs them to a secure page. Users behind a MS ISA 2000 server running in Proxy mode in a pure NT4.0 NTLM authentication environment experience 25-70 second load times for the page while users outside the ISA's sphere of influence see 5-12 second load times.

I've considered suggesting that they use SOCKS5 to obfuscate the whole proxy issue but I know they won't want to play that way. So, looking for ways to set particular URL's to bypass the proxy, or similar ways to tune the problem away.

We've determined that the server they're running ISA on is more than sufficient performance wise to handle the load, in case you were wondering.

 

[coco10]

Hi, firts check the rule prossesing order and then try use de firewall client

hope its hepls
coco10

 

[r3dn3ck]

You'll have to forgive my ignorance but since I'm trying to troubleshoot for a customer without ever having seen their environment and they're a little less than cooperative, could you fill me in on a few details?

1. What is it that the firewall client does for me in this instance, where does it run (client/user or at the proxy server), what's the official application name, etc. I'm trying to pick up what I can but there's startlingly little info online.

2. Do you know of a way to export the rules so that they're readable outside ISA? Like maybe exporting to a csv or similar delimited text file.

3. Are there any mechanisms built into ISA that would allow and entire domain to bypass the services provided by the proxy? ie... sending all requests to host.domain.tld direct without having the proxy fetch the pages?