windows firewall slows page downloads internet explorer

From: ClaudeA (ClaudeA_at_discussions.microsoft.com)
Date: 04/01/05


Date: Fri, 1 Apr 2005 13:07:01 -0800

The client machines that are running XP SP2 with the firewall enabled experience
slowness (each page load takes about four times longer). We tried adding
Internet Explorer to the exceptions list and the pages were still slow.

Pages are served from a mainframe sitting behind a CISCO 11506 content switch.
Images have been offloaded to two Windows 2003 servers running IIS 6.0. The
content switch is used to redirect the requests for images to the Windows
2003 servers to remove image serving workload from the mainframe.

1) We disabled the firewall on the XP client machines and it works as normal
when the images are served from the Windows 2003 servers.
2) We enable the firewall on the XP client machines and it works very slowly
when the images are served from the Windows 2003 servers.
3) We enable the firewall on the XP client machine and have the images
served from the mainframe and it works as normal.

The firewall log contains a lot of entries like this:
2005-03-30 17:22:38 DROP TCP 10.10.200.252 10.2.2.178 3017 4561 119 ARP 28697442 640878136 8760 - - - RECEIVE

When I put the image requests in a fast loop I started getting these log
entries as well:
2005-03-30 17:22:38 DROP TCP 10.10.200.252 10.2.2.178 3017 4579 48 SA 25269388 2377419926 8760 - - - RECEIVE
2005-03-30 17:22:38 DROP TCP 10.10.200.252 10.2.2.178 3017 4593 292 FAP 15841893 1906832367 65251 - - - RECEIVE

Our customers want the firewall enabled to protect their machines from
threats on their internal networks via dockable laptops etc.

Is there a solution that would allow the firewall to remain active?

Thanks
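
Added example, not part of the original post: a small Python parser for firewall log entries like the ones quoted above, which counts dropped inbound TCP packets per remote endpoint and TCP flag set. The field order is assumed from the standard `#Fields:` header of pfirewall.log; the function names, the header line and the truncated line in the sample are constructed for illustration.

```python
from collections import Counter

# Field order assumed from the "#Fields:" header Windows Firewall writes to pfirewall.log.
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()
FLAG_NAMES = {"S": "SYN", "A": "ACK", "F": "FIN", "P": "PSH", "R": "RST", "U": "URG"}

# The three entries quoted in the post, each on one line, plus a constructed
# header line and a constructed truncated line to exercise the parser.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2005-03-30 17:22:38 DROP TCP 10.10.200.252 10.2.2.178 3017 4561 119 ARP 28697442 640878136 8760 - - - RECEIVE
2005-03-30 17:22:38 DROP TCP 10.10.200.252 10.2.2.178 3017 4579 48 SA 25269388 2377419926 8760 - - - RECEIVE
2005-03-30 17:22:38 DROP TCP 10.10.200.252 10.2.2.178 3017 4593 292 FAP 15841893 1906832367 65251 - - - RECEIVE
2005-03-30 17:22:38 DROP TCP 10.10.200.252
"""

def parse_line(line):
    """Return one entry as a dict, or None for comments, blanks and malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def flag_names(flags):
    """Expand the compact tcpflags column, e.g. 'SA' -> 'SYN+ACK'; '-' means no flags."""
    return "" if flags == "-" else "+".join(FLAG_NAMES.get(c, c) for c in flags)

def is_new_connection(flags):
    """A bare SYN opens a new inbound connection; any other flag set belongs to
    a connection that already exists or was opened from the other side."""
    return flags == "SYN"

def summarize_drops(text):
    """Count dropped inbound TCP packets per (src_ip, src_port, flag names)."""
    counts = Counter()
    for line in text.splitlines():
        e = parse_line(line)
        if e and (e["action"], e["protocol"], e["path"]) == ("DROP", "TCP", "RECEIVE"):
            counts[(e["src_ip"], int(e["src_port"]), flag_names(e["tcpflags"]))] += 1
    return counts

if __name__ == "__main__":
    for (ip, port, flags), n in summarize_drops(SAMPLE_LOG).most_common():
        kind = "new inbound connection" if is_new_connection(flags) else "reply/in-session"
        print(f"{n:4d}  {ip}:{port:<5d}  {flags:<12s}  {kind}")
```
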


