Currently Being ModeratedSep 10, 2010 12:43 PM (in response to Thomas Moy1)were you having problems with just secure downloads?
We are using the SonicWall Pro 2040 too and are having an issue with websites not loading properly or at all. The problem is not consistent and only happens on the Macs. It seems that page is loading so slow due to some filtering on the firewall that it times out. This is on all major browsers and versions (as far as I know).2.4 GHz Intel Core 2 Duo iMac, Mac OS X (10.6.2), 4GB RAM
Currently Being ModeratedSep 10, 2010 3:24 PM (in response to DLR)This one rings a bell too. Poke around in that diag.html page (okay, backup your system settings first!), and try ticking either of the following.
Ignore malformed TCP headers
Clear DF Bit (don't fragment)
Enable TCP packet option tagging
My (poor) memory thinks it's the first one that unleashed consistent downloads to our Macs. It's something their support staff guided me to last time, so if you're persistent with support, you could probably get it out of them.
Good luck.Mac Pro 2008, Mac OS X (10.6.4)
Currently Being ModeratedSep 30, 2010 6:51 AM (in response to Thomas Moy1)Thank you for this, sonicwall was no help. My developer tools download just went from 6 days to 1 hour on the estimated download time.
Currently Being ModeratedOct 18, 2010 11:51 AM (in response to James Devaney)Hey guys,
I am having the same problem with my environment, are there any other tips to help this problem. I did the diag.html trick, but it only boosted the download by 300Kbs. Your help is greatly appreciated.mac mini
Currently Being ModeratedNov 18, 2010 8:33 AM (in response to Thomas Moy1)Thanks for this!
I also had to call Sonicwall and get the diag.html fix (enable enforcement on TCP window and set the max allowed TCP window to 256.
This fixed iTunes downloads and other downloads on Windows 7, but I started having issues with some sites like Skype and Yahoo not working with IE. I enabled the 3 ticks you mentioned and now everything appears to be working.HP TouchSmart tm2, Windows 7
Currently Being ModeratedNov 18, 2010 10:09 AM (in response to Damon Betlow)Spoke too soon. It appears I had to set the max TCP window to 512 in order for the websites like Wikipedia, Yahoo, go.microsoft.com, and Skype to work reliably.
"only boosted the download by 300Kbs"
Are you sure it is kilobits per second and not kilobytes per second?
300 KB/s (or 2.4 Mbps) is pretty darn good.HP TouchSmart tm2, Windows 7
Currently Being ModeratedDec 7, 2010 6:59 AM (in response to Thomas Moy1)We've been pulling our hair out on this one for a long time. We went to SonicWall support and referenced this thread. They followed up with the following (they essentially said "give it a shot"):
If you are wanting to make the DPI modification listed you can do so following the directions below:
- log into the SonicWALL GUI
- Change the current address from http://XX.XX.XX.XX/main.html to http://XX.XX.XX.XX/diag.html
- Click Internal Settings
- Under Security Services Settings locate and checkmark Enable enforcement of a limit on maximum allowed advertised TCP window with any DPI-based service enabled
- You may also want to uncheck the option directly below it
- Enforce Host Tag Search for CFS
- Make sure to click Apply at the top of the page
Anyway it seems to be working for us. but we're going to do a bit more testing (our max TCP window is still set at 64 - I'd like to see if there are any reliability issues with Wikipedia, Yahoo, go.microsoft.com, and Skype)
Currently Being ModeratedDec 8, 2010 6:22 PM (in response to Thomas Moy1)For those using third party firewalls should bookmark the Apple web page Well known TCP and UDP ports used by Apple software products to know what ports on that firewall need to opened.
Plus SSL uses port 443.
Message was edited by: satcomerMacBook Pro 2.16, Mac Pro Dual 2.8, 14G RAM, Mac OS X (10.6.5), iPhone 32 3GS and Time Capsule 2T
Currently Being ModeratedDec 23, 2010 9:30 PM (in response to Thomas Moy1)Thank you, thank you, thank you!! Just got a new iMac and was noticing terribly slow downloads from the updater. Put a new hard drive in my old iMac and was trying to download 1.3GB of updates to it. It had run for over 10 hours with an estimate of 27 hours remaining. Made this change, and the 27 hours dropped to 3 minutes.
And it finished in that...
Whew!!iMac 2007, Mac OS X (10.6.5)
Currently Being ModeratedMar 4, 2011 2:56 PM (in response to DLR)Hey DLR -
Did you happen to resolve this issue? We are having the same problem when connecting to a particular server while behind our firewall here at the office.
Thanks.MBP, Mac OS X (10.6.4)
Currently Being ModeratedOct 31, 2011 11:50 AM (in response to Thomas Moy1)
For anyone that is on a Windows Domain using Active Directory/DNS then you do not want to check this: Clear DF Bit (don't fragment).
I spent the better half of my day today trying to figure out why Windows machines were taking 30 minutes to login at the "Applying personal settings" dialog as well as not updating DNS, not applying Group Policy objects and Microsoft Exchange failing to connect.
This setting seems to break Kerberos authentication which is the default authentication method for AD. I believe it is because Kerberos will fragment packets if it is too large. If the client doesn't receive these fragmented packets in order, it will fail.
My mac users are working now with simply enabling this: Enable enforcement of a limit on maximum allowed advertised TCP window with any DPI-based service and changing the window size from 64 to 256.
Currently Being ModeratedJan 11, 2012 3:28 PM (in response to Thomas Moy1)
I just saw the same thing with a brand new Mac Book Pro, and a Sonicwall TZ180. With help from SW tech guys, we discovered that turning off Gateway Virus, AntiSpam, and IPS fixed the problem. I wasn't happy though about opening such a gaping hole in the firewall, even if it was limited to the Mac (which supposedly suffers less from virus and spyware issues).
We finally found another solution. We reset the TCP MTU from 1500 to 1404 for a cable modem connection. That made the Mac happy, and solved the download issue.
Currently Being ModeratedJan 11, 2012 3:29 PM (in response to Thomas Moy1)
BTW, the TZ180 didn't have the setting that was recommended above, so I had no way of testing that particular fix.
Currently Being ModeratedJan 11, 2012 3:42 PM (in response to rogersmithiii)
Do you have the enhanced OS or the standard OS? It should have the setting if you're on enhanced.