10/22/2008 -- We're experiencing unusually slow access to the Internet when the client computers behind the ISA Server firewall access the Internet. The problem isn't related to the browser as we use both Microsoft Internet Explorer and Mozilla Firefox. If we connect a computer to the Internet outside the firewall, we get very fast access. How can I speed up Internet access for my internal clients behind the firewall?

Answer:
There's a known issue with ISA Server 2004/2006: When the ISA server tries to resolve the name of the external Web site requested by internal clients to an IP address, it runs into problems because the internal DNS server is unable to resolve external DNS names. This results in excruciatingly long delays. In fact, a lot of times, the users have to constantly refresh the browser to view the Web pages because it won't display them on the first try.

Microsoft offers a solution in the KB article 839510. You can download and run the Microsoft Visual Basic Scripting Edition (VBScript) code listed in the KB article to disable name resolution for the ISA Server routing rules. That should hopefully solve your problem. Remember to restart the firewall service for the changes to take effect.

As a best practice, you should always back up your ISA Server configuration before making any changes in case you need to restore a previous configuration.

If this doesn't solve your problem, look at how your DNS is forwarding requests. If your internal DNS is forwarding requests for all other domains to the ISA Server, which in turn forwards it to your ISP's DNS server, then try configuring your internal DNS server so it forwards requests for external domains directly to your ISP's DNS servers. That should make a major difference in speeding up Internet access for your internal clients because, as the KB article suggests, your internal DNS server will be able to resolve external DNS names.