Just tried what? What version of IE? What OS? All SP and patches? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -----Original Message----- > From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx] > Sent: Thursday, June 26, 2003 8:42 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: AW: Online Banking Issues > > http://www.ISAserver.org > > > Just tried that, it didn't work...Thanks, though. > > Jeff Sloan > Network Administrator > Cross Oil Refining & Marketing, Inc. > 484 E. 6th St. > Smackover, AR 71762 > > Phone 870-864-8688 > Fax 870-864-8689 > Cell 870-866-9941 > > > > -----Original Message----- > From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > Sent: Thursday, June 26, 2003 9:23 AM > To: ISALists > Subject: [isalist] Re: AW: Online Banking Issues > > > http://www.ISAserver.org > > > > This is what I am suspecting, and I have no problem making a registry > > = > change for > > the oddball site, or a config file change if needed for the = same > > thing, > but for > > national banking firms, they better get their = 'stuff' strait. They > > still > say they are > > working with Microsoft to get it = fixed. I'll let the group know when > they get it fixed, > > and what they did = if they will tell me. > > Before we shoot the site programmers, it may not be entirely there > fault. > > I still have a suspicion that it is more of a security firewall issue. > > Here is my conclusion on the issue I was working on for a client a month > ago: > > "05/19/03 6:00 PM Case wrapup. It appears this issued was caused by a > change in the way WellsFargo does a security check on the inbound > packets. The SonicWall is set to fragment outgoing packets at 1404 to > resovle a blackhole router issue setting up VPN with Toronto, that was > done in December of 2001. Normally then, if the client does not discover > the recipient MTU, the firewall will repackage the packets to the small > size. I received more information about this from the Imail Forum group > where one person said they are probably blocking ICMP Code 3 Type 4 > which would screw up the MTU path discovery, which would have allowed > the client to switch automaticly to a smaller MTU size. So, by forcing > the clients to use a MTU packet size of 1400, the outbound packets were > never fragmented, and thereby never changed. This also requires updates > Q810847 and Q813951 to be installed on the client." > > So, if the client, or even their firewall/router, is not able to > discover the MTU path, and the packets are fragmented at some point, the > problem appears. This is also why the problem does not occur with > regular websites, only SSL where there is additional overhead added to > the packets. > > John Tolmachoff MCSE CSSA > Engineer/Consultant > eServices For You > www.eservicesforyou.com > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com No.1 > Exchange Server Resource Site: http://www.msexchange.org Windows > Security Resource Site: http://www.windowsecurity.com/ Network Security > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jsloan@xxxxxxxxxxxx To unsubscribe send a blank email to > $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub')