I’ve been troubleshooting a connection issue with Outlook 2007 to my corporate Exchange server for days now, and believe I’ve found the issue, but wanted to float this with the community to see if anyone has had the same experience.
Basically Outlook wouldn’t connect to the Exchange server unless I disabled Comodo’s firewall (v3.10.102363.531). I had all my Block and Ask rules (for every app) set to Log, but nothing was appearing in the Firewall Events log.
Through some trial and error I tracked it down to the “Block Fragmented IP datagrams” setting in the firewall’s Attack Detection Settings. With this setting checked, Outlook would not connect; as soon as I uncheck it and click OK, Outlook connects just fine.
Has anyone else had this same issue?
Can we have options to log these attacks in the firewall events log when they happen, both for troubleshooting and understanding when our computers are under attack?
Rather than have this as a global setting, could we target this to particular applications? i.e. I’d like to block fragmented datagrams for all apps except for Outlook, or except for my corporate network connections, etc.
Edit: I just read some of the help about the fragmentation option and went to my router and increased the WiFi Fragmentation Threshold (MTU) to its maximum allowable amount: 2346. Rebooted the router, but I get the same issue as before. Does this indicate a network issue or a firewall issue?
Well, I don’t have this issue with Outlook 2007 and Exchange 2005.
It depends on your network infrastructure. Is Outlook the only application having trouble, or are there more (which you might not know of because it’s not logging this; been requested numerous times though)?
MTU 2346 is way too large on the connection, can you please revert to the default value, I think 1500.
What’s the connection type you’re running?
Thanks for the reply Ronny, I’ve done some further investigation using SpeedGuide.net’s TCP Optimizer and found that when I connect to the Internet I get an MTU of 1500, but when I connect to my corp. VPN (PPTP) I get an MTU of 1400 - the MTU=2346 is for my home wireless network.
As far as I can tell Outlook is the only affected application, but you’re right - without the rejected packets being logged, I really have no idea.
I do know that my MSN IM connection (using the Trillian IM client) is very unstable - a very knowledgeable D-Link engineer told me it was probably due to packet fragmentation issues. He worked on that issue for a long time but we never found the source of the problem (it continues to this day).
My WAN connection is Cable and my router is correctly setting a WAN MTU of 1500. Should I set my WiFi MTU = 1500 or 1400 also? I’ll try these options and let you know…
Cable and VPN connections have “overhead” so they need less than 1500 MTU which is the default for “normal” Ethernet connections (including Wifi). I’d try to set it to 1400 and then test it lowered.
You can also use ping to diagnose maximum packet size
You need the following parameters
-f don’t fragment
I can ping my gateway with the following settings; adding one byte makes DF complain:
ping -l 1272 -f 192.168.x.y
Pinging 192.168.x.y with 1273 bytes of data:
Packet needs to be fragmented but DF set.
Putting up larger pings and removing the -f (DF) flag results in request timed-out, unless I uncheck “block fragmented packets” like it’s supposed to.
I tried both 1400 and 1500 for the WiFi MTU, no luck.
I’ve previously tried the ping command with -l and -f to hosts on the Internet and on my corp. VPN, that’s how I knew about the 1500 (Internet) and 1400 (corp. VPN) settings. These take into account the 28 bytes required for overhead. I also confirmed these settings with the SpeedGuide.net TCP Optimizer which does the same pings and calculations.
The Linksys default for WiFi 802.11n is 2346 - the Linksys engineer set it to 2100 previously, and I tried 1500, 1400, and 1300 but this last one didn’t reduce my overall MTU when doing the ping tests - weird huh? Maybe the WiFi MTU is only for within the WiFi network, i.e. it reconstructs the packets when handing off to a wired network…? Regardless, none of these lower WiFi MTU settings changed my strange firewall behavior.
I’m not sure if the cable is using PPPoE or similar - nothing in the router settings indicates this.
I’ll change the WAN MTU from 1500 to 1400 and see what happens.
Okay, this is weird - I set the WAN MTU and the WiFi MTU = 1400. Then did my ping tests:
SpeedGuide.net TCP Optimizer:
Pinging [126.96.36.199] with 40 bytes ->bytes=40 time=230ms TTL=52
Pinging [188.8.131.52] with 750 bytes ->bytes=750 time=200ms TTL=52
Pinging [184.108.40.206] with 1125 bytes ->bytes=1125 time=219ms TTL=52
Pinging [220.127.116.11] with 1312 bytes ->bytes=1312 time=218ms TTL=52
Pinging [18.104.22.168] with 1406 bytes ->bytes=1406 time=218ms TTL=52
Pinging [22.214.171.124] with 1453 bytes ->bytes=1453 time=214ms TTL=52
Pinging [126.96.36.199] with 1476 bytes → …fragmented
Pinging [188.8.131.52] with 1465 bytes ->bytes=1465 time=182ms TTL=52
Pinging [184.108.40.206] with 1470 bytes ->bytes=1470 time=217ms TTL=52
Pinging [220.127.116.11] with 1473 bytes → …fragmented
Pinging [18.104.22.168] with 1472 bytes ->bytes=1472 time=190ms TTL=52
The largest possible non-fragmented packet is 1472 (1500 - 28 ICMP & IP headers).
You can set your MTU to 1500
No matter what I do, no change!? I even unplugged the router for 30 secs and restarted it, MTU was still set at 1400, but allows up to 1500!?
The pings to hosts on the VPN connection are still saying: “The largest possible non-fragmented packet is 1372 (1400 - 28 ICMP & IP headers). You can set your MTU to 1400.”
I confirmed all these tests with pings from the Windows command line.
Still no change to my Outlook / block fragmented packets issue… any advice?
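Added example, not part of the thread and not code from Comodo or SpeedGuide.net: the DF-ping search described above (`ping -f -l`) as a binary search, plus a check of how many fragments a datagram becomes once it exceeds the path MTU, which is the traffic a "block fragmented datagrams" filter drops. All function names are hypothetical, `simulated_path` is a constructed stand-in for a real link, and the search assumes smaller pings pass whenever larger ones do.

```python
import math
import platform
import subprocess

OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header, as in the thread

def ping_df(host, payload):
    """One echo request of `payload` data bytes with Don't Fragment set."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-f", "-l", str(payload), host]
    else:  # Linux iputils equivalent of -f / -l
        cmd = ["ping", "-c", "1", "-M", "do", "-s", str(payload), host]
    out = subprocess.run(cmd, capture_output=True, text=True).stdout
    return "ttl=" in out.lower()  # only a real echo reply carries a TTL

def simulated_path(mtu):
    """Constructed stand-in for ping_df: a path with a fixed MTU."""
    return lambda payload: payload + OVERHEAD <= mtu

def max_df_payload(probe, lo=0, hi=1472):
    """Binary search for the largest payload that passes with DF set."""
    if not probe(lo):
        return None  # host unreachable or ICMP filtered
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo

def fragments_needed(ip_payload, mtu):
    """Fragments an IPv4 datagram (no options) becomes when DF is clear."""
    if ip_payload + 20 <= mtu:
        return 1  # fits whole: nothing for a fragment filter to drop
    per_fragment = (mtu - 20) // 8 * 8  # offsets count in 8-byte units
    return math.ceil(ip_payload / per_fragment)

if __name__ == "__main__":
    for name, mtu in (("Internet", 1500), ("PPTP VPN", 1400)):
        best = max_df_payload(simulated_path(mtu))
        print(name, "max DF payload", best, "path MTU", best + OVERHEAD)
        # one byte over the limit, DF clear: ICMP adds 8 bytes to the payload
        print("  fragments for payload", best + 1, "=",
              fragments_needed(best + 1 + 8, mtu))
    # Live probe (placeholder address): max_df_payload(lambda n: ping_df("192.0.2.1", n))
```

To probe a real path, pass `lambda n: ping_df(host, n)` as the probe; a result of `None` means even an empty ping got no reply, so the MTU cannot be inferred.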