Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Sonicwall and AOL webmail

147 views
Skip to first unread message

Paul Mills

unread,
Aug 16, 2002, 12:19:55 AM8/16/02
to
Hi,

We have deployed a large number of Sonicwall devices (ranging from
Pro300s to SoHo3s), and have noticed that users cannot access their
aol webmail from behind the Sonicwalls. If a user goes to
aolmail.aol.com from behind one of our Sonicwalls, the browser says
that the page cannot be displayed. This is the url that is shown --
http://webmail.aol.com/_cqr/vllogin.adp

We have spoken with AOL, and it was indicated to us that they were
having server issues and that might be the cause of it. It was
recommended that our users try the aol sites in Mexico, the UK, and
Canada. We have tried those, and they work just fine from behind the
Sonicwall.

Recently, several users reported that they can access their aol email
from home. As an experiment, we plugged a laptop outside the
Sonicwall, and got to the US AOL site just fine. Plugged the laptop
in behind the firewall again, and got the same old error message.

Anyone encountered this before? Any thoughts?

Sonicwall suggested that we lower our MTU to 1300 and allow fragmented
packets. We already had our MTU at 1404 and were allowing fragmented
packets. Lowering to 1300 did not help.

Thanks!
Paul

NeoSadist

unread,
Aug 16, 2002, 6:44:25 AM8/16/02
to
AoL sucks and has many security holes. On top of all that, it's not a
standard dial up adapter. It's their own adapter, which makes it
non-win-standard. (Unless they've changed that recently).

"Paul Mills" <mi...@htls.info> wrote in message
news:1fa26100.02081...@posting.google.com...

Jason Silva

unread,
Aug 16, 2002, 9:51:00 AM8/16/02
to
Hello Paul,

We are behind a Sonicwall as well and I can access my aol webmail just fine.
I don't understand the standard Sonicwll MTU answer. I wouldn't touch that.
Do you have any rules set up. Have you blocked any ports not defaultly
done with Sonicwall. The only change I had to make was to have the aol mail
website an "allowed domain". Otherwise certain keywords in the URL caused
it to be blocked.

Good Luck,

Jason Silva CSSA, A+

"Paul Mills" <mi...@htls.info> wrote in message
news:1fa26100.02081...@posting.google.com...

Slade Wilson

unread,
Aug 16, 2002, 10:11:31 AM8/16/02
to
Paul,

I agree with NeoSadist, don't use AOL. You won't be able to use the Content Filtering features of
the SonicWALL if your users are using the AOL browser and you won't be able to VPN off of AOL's own
network adapter. The reason the CFL won't work is because when you use AOL's browser and/or dial-up
you're using AOL's servers as a proxy to the internet.

I don't know what you're network/IT needs are, but hopefully my 2 cents where worthwhile.


---------------------------
Slade Wilson
---------------------------
"In combat, pain is good; it means you're still alive."

Paul Mills

unread,
Aug 16, 2002, 12:26:52 PM8/16/02
to
Hi,

We recently installed a large number of Sonicwall devices, ranging in
size from a Pro 300 to a SoHo3. Several users have complained that
they can no longer access their aol mail via AOL's webmail site. We
contacted AOL, and the support staff indicated to us that they are
having trouble with their US server and that they did not think it was
a firewall issue. They recommended that users try the UK, Mexico, and
Canada sites. Our users did, and these sites all work fine.

In the meantime, we tried plugging a laptop outside the firewall and
accessing aol webmail with the .com address, and it worked just fine.
We then tried again from inside the firewall, and it did not work.
So, I am thinking that it is indeed a Sonicwall issue.

I called Sonicwall, and they suggested that I adjust the mtu setting
downward to 1300. I tried that, and it did not help. I am going to
call them back and see what else we can try.

Any thoughts or suggestions?

Thanks!
Paul

Paul Mills

unread,
Aug 17, 2002, 12:44:42 AM8/17/02
to
> I agree with NeoSadist, don't use AOL. You won't be able to use the Content Filtering features of
> the SonicWALL if your users are using the AOL browser and you won't be able to VPN off of AOL's own
> network adapter. The reason the CFL won't work is because when you use AOL's browser and/or dial-up
> you're using AOL's servers as a proxy to the internet.
>
> I don't know what you're network/IT needs are, but hopefully my 2 cents where worthwhile.

Thanks to everyone for replying.

The deal is we serve a large number of public libraries, and patron
come in and use the public internet PCs to access their AOL email via
a standard web browser. It's part of our service mission to provide
public access, but the patrons aren't using anything that is
proprietary of AOL to get to the AOL site.

We have our MTU lowered to allow for the overhead that encryption uses
for our vpn. Sonicwall suggested that I lower the MTU on a test PC to
see if it would allow for access to the site, so I downloaded Internet
Tweak 2002 at their suggestion and tried it on a laptop. Lowered the
MTU on the laptop to 1300 with the tool and it worked like a charm.

So, AOL's website for webmail does not like the MTU size that we have
on our boxes. Seems like a big pain to have to change the MTUs on all
the workstations that would need to access AOL webmail.

Dave Stanton

unread,
Aug 17, 2002, 8:53:16 AM8/17/02
to
On Fri, 16 Aug 2002 11:44:25 +0100, NeoSadist wrote:

> AoL sucks and has many security holes. On top of all that, it's not a
> standard dial up adapter. It's their own adapter, which makes it
> non-win-standard. (Unless they've changed that recently).

Non - win standard ????????????. Since when has windows been a standard ?.

Dave

John

unread,
Aug 20, 2002, 6:11:12 PM8/20/02
to
I had a customer with a similar issue so I cleared the Browser cache and it
worked fine after that.

Good luck.

mi...@htls.info (Paul Mills) wrote in news:1fa26100.0208160826.3b9507c5
@posting.google.com:

> Hi,
>
> We recently installed a large number of Sonicwall devices, ranging in
> size from a Pro 300 to a SoHo3. Several users have complained that

> they can no longer access their aol mail via AOL's webmail site. We...


Paul Mills

unread,
Aug 22, 2002, 11:13:39 PM8/22/02
to
Thanks, John.

Yeah, we had tried that, but no luck. I think we will just be
changing alot of settings. . . :-)

John <jo...@assurednet.net> wrote in message news:<Xns9270B81E25E8B...@64.154.60.22>...

wailakig

unread,
Aug 24, 2002, 4:29:14 PM8/24/02
to
I'm real familiar with this issue, which is similar to one that
affects a few dozen other websites that I know of, one being the
southwest airlines fare calculation area. the problem seems to be
related to MTU packet size behavior and has three components:

1. client side has some odd MTU behavior in the internet connection or
possibly on the hosts.

2. client side also has some sort of NAT device running (SNWL,
Linksys and a few others)

3. webserver side has some odd MTU behavior in the internet
connection or possibly on the hosts.

All three add up to a situation where you have to try, by trial and
error, a combination of these MTU and packet tweaks. example below
for a SNWL, since I don't know the others:

a) adjust the MTU setting on Advanced - Ethernet screen, from default
of 1500 to 1404 or 1300 bytes. update page.

b) enable fragments on the outbound rule that allows the LAN to
access the internet (see the edit button for the "allow default from
LAN to * " rule)

Combine those two, and see if anything changes. You might even have
to restart the modem or router that is attached on the SNWL WAN port.

... if that doesn't work ...

c) try UNCHECKING the "Fragment outbound packets larger than WAN MTU"
checkbox on the Advanced - Ethernet screen

You might even have to restart the modem or router that is attached on
the SNWL WAN port.


mi...@htls.info (Paul Mills) wrote in message news:<1fa26100.02082...@posting.google.com>...

Paul Mills

unread,
Aug 28, 2002, 8:27:47 PM8/28/02
to
> I'm real familiar with this issue, which is similar to one that
> affects a few dozen other websites that I know of, one being the
> southwest airlines fare calculation area. the problem seems to be
> related to MTU packet size behavior and has three components:
>
> 1. client side has some odd MTU behavior in the internet connection or
> possibly on the hosts.
>
> 2. client side also has some sort of NAT device running (SNWL,
> Linksys and a few others)
>
> 3. webserver side has some odd MTU behavior in the internet
> connection or possibly on the hosts.
>
> All three add up to a situation where you have to try, by trial and
> error, a combination of these MTU and packet tweaks. example below
> for a SNWL, since I don't know the others:
>
> a) adjust the MTU setting on Advanced - Ethernet screen, from default
> of 1500 to 1404 or 1300 bytes. update page.
>
> b) enable fragments on the outbound rule that allows the LAN to
> access the internet (see the edit button for the "allow default from
> LAN to * " rule)
>
> Combine those two, and see if anything changes. You might even have
> to restart the modem or router that is attached on the SNWL WAN port.
>
> ... if that doesn't work ...
>
> c) try UNCHECKING the "Fragment outbound packets larger than WAN MTU"
> checkbox on the Advanced - Ethernet screen

Thanks for the reply!

We had tried a) and b) with no success, but not c)
We gave that a try, and things seem to be working well without any ill
effects to our vpn.

Many thanks for your help!

Craig Carrigan

unread,
Sep 12, 2002, 4:59:55 PM9/12/02
to
If the end result was to access AOL email, an install of the AOL
software might do the trick. I know that in some instances that
won't work but it did resolve the issue with a client of ours.
Almost seems TOO simple.


mi...@htls.info (Paul Mills) wrote in message news:<1fa26100.02081...@posting.google.com>...

0 new messages