| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| Hello, (...I hope I'm in the right forum) I have NGX R61 working in load sharing, unicast mode. I'm getting a lot of complaints about surfing on the net. I searched the logs and found this: Type: Log Action: Drop Protocol: tcp Service: 59382 Source: 209.191.106.109 Destination: *.*.*.* Source Port: http (80) ---------------- This is just one of many logs that show a legitimate web site being blocked (in this example it blocks YAHOO). Does anyone have an idea why I have thousands of requests from web sites back to my FW with source port http? There is no problem that I can see in the policy, and the anti-spoofing is OK. Thanks, David |
| |||
| Sounds like a stateful problem--going to a webpage can create hundreds of connections because of the different types of data. There may be something wrong with your routing, i.e. the firewall sends it out one port but the connection comes back in another. |
| |||
| The routing tables in all of the machines and routers are fine; there is no dynamic routing protocol, only static. BTW, the information field in the tracker logs is empty. Thanks, David |
| |||
| Just as a test you might consider removing the "Drop out of state TCP packets". Check if web access works well after that; if it does, that means you are somehow getting problems with keeping connection state, which would indicate possible routing problems, as stated before. If it doesn't, then at least you know what it isn't ;) |
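A way to measure how many of the drops fit the pattern discussed in this thread (TCP packets arriving from a web server port toward a high client port), added here as an example and not posted by anyone in the thread. It assumes log records exported as flattened "Key: value" text in the shape quoted in the first post; the function names, the `https (443)` rendering, and all sample records other than the first are constructed, and the masked destination is replaced with documentation addresses.

```python
import re
from collections import Counter

# Field labels exactly as they appear in the log entry quoted in the first post.
FIELDS = ["Type", "Action", "Protocol", "Service", "Source", "Destination", "Source Port"]
FIELD_RE = re.compile(r"\b(%s):\s*" % "|".join(sorted(FIELDS, key=len, reverse=True)))
SERVER_PORTS = {80, 443}   # assumption: web server ports whose replies we care about
EPHEMERAL_MIN = 1024       # assumption: client-side ports are above the well-known range

def parse_record(text):
    """Split one flattened 'Key: value Key: value ...' record into a dict."""
    parts = FIELD_RE.split(text.strip())
    return {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}

def port_of(value):
    """Return the numeric port from 'http (80)' or '59382', else None."""
    m = re.search(r"\((\d+)\)|^(\d+)$", value or "")
    return int(m.group(1) or m.group(2)) if m else None

def looks_like_reply(rec):
    """True for a dropped TCP packet sent FROM a web server port TO a high port."""
    if rec.get("Action") != "Drop" or rec.get("Protocol") != "tcp":
        return False
    sport, dport = port_of(rec.get("Source Port")), port_of(rec.get("Service"))
    return sport in SERVER_PORTS and dport is not None and dport >= EPHEMERAL_MIN

def reply_drops_by_source(records):
    """Count reply-direction drops per source address."""
    hits = (r for r in map(parse_record, records) if looks_like_reply(r))
    return Counter(r["Source"] for r in hits)

# Constructed sample records (first one mirrors the post, destination substituted).
SAMPLE = [
    "Type: Log Action: Drop Protocol: tcp Service: 59382 Source: 209.191.106.109 Destination: 192.0.2.10 Source Port: http (80)",
    "Type: Log Action: Drop Protocol: tcp Service: 59383 Source: 209.191.106.109 Destination: 192.0.2.10 Source Port: http (80)",
    "Type: Log Action: Drop Protocol: tcp Service: 51544 Source: 198.51.100.7 Destination: 192.0.2.11 Source Port: https (443)",
    "Type: Log Action: Drop Protocol: tcp Service: telnet (23) Source: 203.0.113.5 Destination: 192.0.2.10 Source Port: 40112",
    "Type: Log Action: Accept Protocol: tcp Service: http (80) Source: 192.0.2.10 Destination: 209.191.106.109 Source Port: 59382",
]

if __name__ == "__main__":
    for source, count in reply_drops_by_source(SAMPLE).most_common():
        print(f"{source}: {count} dropped reply-direction packets")
```

Running this over the export before and after the test suggested in the last reply shows whether the reply-direction drops are the ones that disappear.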