Recently I had a case where people were complaining about network issues, like slow website openings, slow file uploads and similar. Interestingly that just a week before I fixed and issue for them with very similar symptoms, there was half-duplex connection between the router and ISP device. However they provided screenshots with timed out ping results, moderate speedtest results and mentioned that accessing their business website(publicly available) takes more than 15 seconds, while from outside it takes less than a couple.
So being very surprised I jumped into remote session with a customer and started to troubleshoot:
– business site could be opened, but it was not responding to pings from customer’s LAN, at the same time I was able to ping it continuously from Internet
– next I tried to ping default gateway out of curiosity rather than because I had a firm idea on what is going on, and ping was also unsuccessful. Very interesting, as default gateway is a Cisco router with no ACL on internal interface!
Now I had an idea though ;), I then checked if I can ping host from the router with no luck as well(but I was able to see its MAC in arp table using ‘show ip arp | inc <customer-IP>‘ command), then I checked firewall on the customer’s PC to just find out that it is completely disabled and all firewall functions are performed by Symantec Endpoint Protection software.. Once I temporary disabled it network operations got back to normal, customer was able to access business website instantly, no ping losses anywhere, so he was very happy that issue was resolved.
Unfortunately I can’t tell what caused Symantec Endpoint Protection software to behave like that, that issue was redirected to another department.