I have slow internet browsing speed when the users use the McAfee web gateway proxy, I'm sure it is a DNS problem . below are the details:
the customer have websense and ISA as a proxy, which have the real DNS. and the users have only internal DNS configured to resolve the internal domain names only.
so, all web naming resolution is done in the ISA.
I put McAfee web gateway (220.127.116.11) in the network for a POC
when I set the McAfee web gateway in the network, same VLAN for internal and external for ISA and the same real DNS for ISA, I have a slow internet browsing speed.
just a test from one PC which have a real DNS, the internet browsing speed is good,
how can the name resolution for websites be done only in the McAfee web gateway and have good internet speed.
can anyone advise on this?
do you configure your browser to point to MWG directly, or are you using a PAC file or one of the transparent modes?
In case you talk to the MWG directly (e.g. configure its IP address and port in the browser settings manually), no DNS should be performed on the Client.
Can you share some more information?
thanks asabban for your quick response,
the users use the Mcafee web gateway as explicit proxy in the browser.
up to now no users are pointed to the MWG, until we solve the slowness in the browsing speed.
I had like this problem before with a customer who set the real DNS on the machines, when I denied the HTTP/HTTPS traffic for the machines from the cisco ASA, I had slow internet speed and the clients couldn't resolve the names, in that time I allowed the clients to reach the real DNS, by allow rule in the ASA for the DNS servers.
sorry I have missed your answer. I think we need to unterstand in detail what is happening on your client. Do you have any test PC available on which you can replicate the issue and where you can install Wireshark, to capture all network traffic?
If you have one I think we have a good chance to find out what happens if you start capturing traffic in the client, start the browser and try to access a URL. So we can find out if there is anything slow on the client, or if the client sends out the request in time, but Web Gateway does not answer as expected.
Can you provide this information?
Additionally, did you already talk to support about this issue? Maybe they have some more insight.
I created a service request and nothing new , just uploading tcpdump file, they will analyse and reply (this since 2nd of August)
if you would I can send you a tcpdump file generated from the McAfee web gateway . and a feedback file for the configuration
I had the same issue and what we did to fix it was to create dedicated DNS servers where only my mcafee proxies had access. This resolved the slowness as well as "host not resolved" issues.Message was edited by: cestrada on 8/11/11 2:46:40 PM CDT
Thanks DBO and cestrada,
I'll check the DNS response on sunday,
cestrada: we are still in a POC, and I can't show the customer anything without good performance for the appliance.
so, is it a general problem with McAfee proxies? cause they have ISA before and they had the external/real DNS servers with good performance.
how can I explain this for the prospect customer?
does the Mcafee proxies have limitations with real DNS?
I have 15 implemetations with local DNS servers, with perfect performance, but when I deal with real/external DNS servers I have slow internet access
( this is the second time )