Problems with Yahoo, Hotmail and AOL Access - Firewalls

This is a discussion on Problems with Yahoo, Hotmail and AOL Access - Firewalls ; Hi A public library client of mine with about 50 public access Internet PC's has been using their town's system for connection. The town uses Firewall 4.1, I believe. I assume this is a good product when it's properly configured, ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Problems with Yahoo, Hotmail and AOL Access

  1. Problems with Yahoo, Hotmail and AOL Access

    Hi

    A public library client of mine with about 50
    public access Internet PC's has been using
    their town's system for connection. The town
    uses Firewall 4.1, I believe. I assume this is
    a good product when it's properly configured,
    but it's mostly a nuisance when it's not. There
    have been chronic problems for the library due
    to the town techs not configuring it properly.
    The latest is that when a library patron goes
    into Yahoo Mail or Hotmail, everything looks
    fine for the initial mail check, and maybe one
    reply or composition, but then that's it -- any
    further attempts at replying or checking folders
    ends with either no response or subsequent
    the mail program stops responding or else a "The
    document contains no data" message pops up.

    But it you exit out of the browser and go back
    in, you can then check the next email. It's a
    stupid nuisance.

    I'm currently setting up a system to allow the
    library to switch over all the public access PC's
    to another, slower internet connection whenever
    there are problems with the town system, but I'm
    looking for some insight into what I can tell
    the town techs about this latest issue (BTW, when
    I switched over as a test to the other connection,
    all the email flakiness disappeared.)

    I'm assuming that they aren't deliberately trying
    to mess up Yahoo and Hotmail access, so any ideas
    I can relay to them would be most appreciated.

    Thanks in advance.

    -BC

  2. Re: Problems with Yahoo, Hotmail and AOL Access

    bconneely@yahoo.com (BC) wrote in message news:...
    > Hi
    >
    > A public library client of mine with about 50
    > public access Internet PC's has been using
    > their town's system for connection. The town
    > uses Firewall 4.1, I believe. I assume this is
    > a good product when it's properly configured,
    > but it's mostly a nuisance when it's not. There
    > have been chronic problems for the library due
    > to the town techs not configuring it properly.
    > The latest is that when a library patron goes
    > into Yahoo Mail or Hotmail, everything looks
    > fine for the initial mail check, and maybe one
    > reply or composition, but then that's it -- any
    > further attempts at replying or checking folders
    > ends with either no response or subsequent
    > the mail program stops responding or else a "The
    > document contains no data" message pops up.
    >
    > But it you exit out of the browser and go back
    > in, you can then check the next email. It's a
    > stupid nuisance.
    >
    > I'm currently setting up a system to allow the
    > library to switch over all the public access PC's
    > to another, slower internet connection whenever
    > there are problems with the town system, but I'm
    > looking for some insight into what I can tell
    > the town techs about this latest issue (BTW, when
    > I switched over as a test to the other connection,
    > all the email flakiness disappeared.)
    >
    > I'm assuming that they aren't deliberately trying
    > to mess up Yahoo and Hotmail access, so any ideas
    > I can relay to them would be most appreciated.
    >
    > Thanks in advance.
    >
    > -BC


    From what you are describing it does not sound like the firewall is
    causing the problem. The firewall rule will either allow or deny the
    session and as the user can connect and do something it seems OK.
    Hotmail etc uses http so should not be any different to any other web
    session.

    The likely cause of your problem is some kind of web content filtering
    system (websense, websweeper etc) which is getting confused or maybe
    improperly configured.

    The fact that it works when you change connection means that you are
    bypassing the firewall and web content filter which, unless you are
    providing some other form of internet protection, could pose other
    dangers.

    BH

  3. Re: Problems with Yahoo, Hotmail and AOL Access

    blh_9@hotmail.com (BLH) wrote in message news:...
    > bconneely@yahoo.com (BC) wrote in message news:...


    > From what you are describing it does not sound like the firewall is
    > causing the problem. The firewall rule will either allow or deny the
    > session and as the user can connect and do something it seems OK.
    > Hotmail etc uses http so should not be any different to any other web
    > session.
    >
    > The likely cause of your problem is some kind of web content filtering
    > system (websense, websweeper etc) which is getting confused or maybe
    > improperly configured.
    >
    > The fact that it works when you change connection means that you are
    > bypassing the firewall and web content filter which, unless you are
    > providing some other form of internet protection, could pose other
    > dangers.
    >
    > BH


    Hi

    Thanks for the response.

    They do have Websense, but that seemed to be misadjusted in a
    way that causes a different set of problems. I was thinking
    that this could be caused by a mix of products set incorrectly,
    but this particular problem seems to coincide with them trying
    to upgrade their security. But then again my experience with
    cheaper firewalls has been to have them set to block/don't
    block for certain programs, ports, and circumstances rather
    than for block-after-they've-done-a-few-things. I'm not sure if
    even Checkpoint can be deliberately adjusted this way. The delay
    in response sounds like caching is somehow involved, which would
    likely mean an ISA Server is in the loop somewhere, but most
    times when an error message is generated, it's done so by their
    Checkpoint system.

    -BC

  4. Re: Problems with Yahoo, Hotmail and AOL Access

    bconneely@yahoo.com (BC) wrote in message news:...
    > blh_9@hotmail.com (BLH) wrote in message news:...
    > > bconneely@yahoo.com (BC) wrote in message news:...

    >
    > > From what you are describing it does not sound like the firewall is
    > > causing the problem. The firewall rule will either allow or deny the
    > > session and as the user can connect and do something it seems OK.
    > > Hotmail etc uses http so should not be any different to any other web
    > > session.
    > >
    > > The likely cause of your problem is some kind of web content filtering
    > > system (websense, websweeper etc) which is getting confused or maybe
    > > improperly configured.
    > >
    > > The fact that it works when you change connection means that you are
    > > bypassing the firewall and web content filter which, unless you are
    > > providing some other form of internet protection, could pose other
    > > dangers.
    > >
    > > BH

    >
    > Hi
    >
    > Thanks for the response.
    >
    > They do have Websense, but that seemed to be misadjusted in a
    > way that causes a different set of problems. I was thinking
    > that this could be caused by a mix of products set incorrectly,
    > but this particular problem seems to coincide with them trying
    > to upgrade their security. But then again my experience with
    > cheaper firewalls has been to have them set to block/don't
    > block for certain programs, ports, and circumstances rather
    > than for block-after-they've-done-a-few-things. I'm not sure if
    > even Checkpoint can be deliberately adjusted this way. The delay
    > in response sounds like caching is somehow involved, which would
    > likely mean an ISA Server is in the loop somewhere, but most
    > times when an error message is generated, it's done so by their
    > Checkpoint system.
    >
    > -BC


    Checkpoint can be configured (or misconfigured) to timeout sessions
    after a period of time but unless there is a specific rule for hotmail
    etc it would happen to all http sessions so this is unlikely.

    Another thing to look for particularly if this is a large organisation
    is redundant pairs or load balancing of servers which if not
    configured correctly can cause problems.

    We used to have websense in this organisation (before my time) but it
    was abandoned as it caused more problems than it solved (dont know
    specific details but certainly performance was an issue). We do have
    websweeper but rather than blocking specific sites we are more
    concerned with checking content of downloaded files etc for virus and
    for this websweeper in conjunction with checkpoint works well.

    BH

  5. Re: Problems with Yahoo, Hotmail and AOL Access

    blh_9@hotmail.com (BLH) wrote in message news:...
    > bconneely@yahoo.com (BC) wrote in message news:...
    > > blh_9@hotmail.com (BLH) wrote in message news:...
    > > > bconneely@yahoo.com (BC) wrote in message news:...

    >


    > > Hi
    > >
    > > Thanks for the response.
    > >
    > > They do have Websense, but that seemed to be misadjusted in a
    > > way that causes a different set of problems. I was thinking
    > > that this could be caused by a mix of products set incorrectly,
    > > but this particular problem seems to coincide with them trying
    > > to upgrade their security. But then again my experience with
    > > cheaper firewalls has been to have them set to block/don't
    > > block for certain programs, ports, and circumstances rather
    > > than for block-after-they've-done-a-few-things. I'm not sure if
    > > even Checkpoint can be deliberately adjusted this way. The delay
    > > in response sounds like caching is somehow involved, which would
    > > likely mean an ISA Server is in the loop somewhere, but most
    > > times when an error message is generated, it's done so by their
    > > Checkpoint system.
    > >
    > > -BC

    >
    > Checkpoint can be configured (or misconfigured) to timeout sessions
    > after a period of time but unless there is a specific rule for hotmail
    > etc it would happen to all http sessions so this is unlikely.
    >
    > Another thing to look for particularly if this is a large organisation
    > is redundant pairs or load balancing of servers which if not
    > configured correctly can cause problems.
    >
    > We used to have websense in this organisation (before my time) but it
    > was abandoned as it caused more problems than it solved (dont know
    > specific details but certainly performance was an issue). We do have
    > websweeper but rather than blocking specific sites we are more
    > concerned with checking content of downloaded files etc for virus and
    > for this websweeper in conjunction with checkpoint works well.
    >
    > BH


    The delayed non-response seems to generically affect all web-based
    email. I should try to test it on a non-webmail form or such to see
    if it's actually affecting a type of input.

    So there is a timeout function...hmmmm. The organization is a large
    town, including the town offices, library, and most schools. The IT
    staff at the town is unlikely to be knowledgeable enough to load-
    balance correctly, to, um, say the very least. And they don't really
    answer questions very well.

    I'll try to look up how Checkpoint times out and maybe see if that
    corresponds with what I'm seeing.

    One issue with the internet switching thingy I set up, using the
    Symantec (Axent) firewall appliance, was that while the fallover
    from the default town connection to the backup is done very, very
    smoothly, there is no content filtering at all on the backup
    connection, which of course was found out pretty quickly. What a
    nuisance....

    But thanks again for the info.

    -BC

+ Reply to Thread