Hello people!

I have BM3.8 installed and a strange behaviour of it. I searched Novell's KB, other web resources, google, here - but did not find anything even indirectly describing the same issue.

Symptoms - there is a delay between finishing of establishing a connection from remote host to public interface of a proxy-server and starting of establishing a connection from private interface to local host. It is determined by using packet capture on both sides. And the worst - this happen not always. I can't say it happen "sometimes" because rather sometimes it does not happen. In a simple telnet test I see a simple delay between connection establishment (to gen-proxy port from outside) and before a prompt is coming. Usually it is about 3-4 seconds delay. Sometimes it is less than a second delay (it is desired to be always, of course!!). Important to say - local host gives prompt without delay always, and if I temporarily permit inbound connection directly through filter exceptions - works fine.

To those who now think about "set tcp delayed ack=off" I can say I tried this. It dramatically helped, and 10 of 10 probes started to work without delays. And when I set it back to on - delays returned. Again off - delays disappeared. Good. But not constant. Shortly after this delays returned regardless of this parameter's value is set to off. I can say, however, I did not restart server after this - but in a parameter description is said that it applies without server restart.

To those who think about DNS resolving I can say my access rules for generic proxies all configured without names, using only ip-addresses.

To those who think about slow access rules checking I can say that my rule stand first for the gen-proxy being under the test, and if the reason of delay is in a slow rule check (maybe slow eDirectory access) - why then my connections through "outbound" generic proxies always work without delay? No, the reason is surely not in rule checking.

CPU utilization is low, TCP connections amount is about 150-200 (according to TCPCON) at the moments with delay and without delay - it also does not relate...

For now, I haven't further idea even what to diagnose. Posting here is a hope to hear some advice from skilled Border Manager users all around the world, and from respectful Border Manager Guru Craig Johnson! Of course, any suggestions from any people appreciated not less!!

Actually, I need to fix this delay not for the comfortable telnet sessions, indeed some little devices with some software are sensible to delays, and no timeout is configurable on them :-(

Thank you for your attention reading to this point and being patient to my language (my native is Russian).

People, even if you only could repeat my experiments on your side and report everything is ok, so that we could search for the difference - should be very helpful to me!