so what being done the spi s

There seem to be a lot of folks having issues with crippled internet browsing capabilities due to SPI being enabled at their routers/firewalls (me included). Disabling SPI is not an option in many corporate network environments. The bandwidth gestapo will be happy that Vista users cannot surf the net, but as far as I am concerned the product is still essentially unusable in Beta 2 (I can't even download the bug reporting tools or navigate to windows update). It seems to me that the nifty new TCP stack is terribly broken. What is Microsoft doing about this? Can we expect any relief soon?

If it is broken and doesn't affect everyone, what then? I have a great internet appliance from Sonicwall and no problems surfing the net with beta 2.
"mkprilliman" wrote in message

There seem to be a lot of folks having issues with crippled internet browsing capabilities due to SPI being enabled at their routers/firewalls (me included). Disabling SPI is not an option in many corporate network environments. The bandwidth gestapo will be happy that Vista users cannot surf the net, but as far as I am concerned the product is still essentially unusable in Beta 2 (I can't even download the bug reporting tools or navigate to windows update). It seems to me that the nifty new TCP stack is terribly broken. What is Microsoft doing about this? Can we expect any relief soon?

I am glad that you are having success with your experience AMDX2. I guess what I am really trying to state here is that if you intoduce a new TCP stack that is incompatible with an extremely common network topology, then it is "broken" in my "book." My "book" defines "broken" as something that does not work correctly. A "workaround" are the steps and measures taken to compensate for something that is "broken" in order to use it. Synonyms for "workaround" include "hack" and "kludge".
I am not assuming that you have hacked your firewall settings in any way, but don't the Sonicwall appliances combine SPI with Deep Packet Inspection (DPI)? I'm thinking that there may possibly be a problem with TCP packet headers that may be causing them to get dropped by routers/firewalls that only use SPI. DPI might be able to correctly determine that the packets are indeed valid, but at what cost? DPI enabled firewalls are more expensive in both cost and processing time. In an enterprise network ecosphere this could be cost prohibitive.
I know from my testing experiences both at home and work that disabling SPI at the firewall "cures" my Vista throughput problems. But disabling SPI also opens the doors for DoS attacks and other malicious connection hacks. Such a workaround is not an option for most users that wish to protect their networks. There are a ton of corporations (from small to enterprise scale) that rely on existing SPI enabled environments to protect their systems - there will be a lot of resistence to adopting Vista if it requires significant upgrades to firewalls (or a degradation of existing policy to workaround Vista's apparent "issues" with SPI). I am just wanting to make sure that Microsoft is aware that until they can fix this problem there is at least one business environment of over 250 desktops and another 50 servers that will not be upgrading to Vista any time soon.

"AMDX2" wrote:

If it is broken and doesn't affect everyone, what then? I have a great internet appliance from Sonicwall and no problems surfing the net with beta 2.
"mkprilliman" wrote in message There seem to be a lot of folks having issues with crippled internet browsing capabilities due to SPI being enabled at their routers/firewalls (me included). Disabling SPI is not an option in many corporate network environments. The bandwidth gestapo will be happy that Vista users cannot surf the net, but as far as I am concerned the product is still essentially unusable in Beta 2 (I can't even download the bug reporting tools or navigate to windows update). It seems to me that the nifty new TCP stack is terribly broken. What is Microsoft doing about this? Can we expect any relief soon?

What you say makes total sense and I get it now. The Sonicwall is Deep Packet Inspection firewall yes.
Shoot, I might even want to sell my Sonicwall soon, not sure though.
"mkprilliman" wrote in message

I am glad that you are having success with your experience AMDX2. I guess what I am really trying to state here is that if you intoduce a new TCP stack that is incompatible with an extremely common network topology, then it is "broken" in my "book." My "book" defines "broken" as something that does not work correctly. A "workaround" are the steps and measures taken to compensate for something that is "broken" in order to use it. Synonyms for "workaround" include "hack" and "kludge".
I am not assuming that you have hacked your firewall settings in any way, but don't the Sonicwall appliances combine SPI with Deep Packet Inspection (DPI)? I'm thinking that there may possibly be a problem with TCP packet headers that may be causing them to get dropped by routers/firewalls that only use SPI. DPI might be able to correctly determine that the packets are indeed valid, but at what cost? DPI enabled firewalls are more expensive in both cost and processing time. In an enterprise network ecosphere this could be cost prohibitive.
I know from my testing experiences both at home and work that disabling SPI at the firewall "cures" my Vista throughput problems. But disabling SPI also opens the doors for DoS attacks and other malicious connection hacks. Such a workaround is not an option for most users that wish to protect their networks. There are a ton of corporations (from small to enterprise scale) that rely on existing SPI enabled environments to protect their systems - there will be a lot of resistence to adopting Vista if it requires significant upgrades to firewalls (or a degradation of existing policy to workaround Vista's apparent "issues" with SPI). I am just wanting to make sure that Microsoft is aware that until they can fix this problem there is at least one business environment of over 250 desktops and another 50 servers that will not be upgrading to Vista any time soon.

"AMDX2" wrote:
If it is broken and doesn't affect everyone, what then? I have a great internet appliance from Sonicwall and no problems surfing the net with beta 2.
"mkprilliman" wrote in message There seem to be a lot of folks having issues with crippled internet browsing capabilities due to SPI being enabled at their routers/firewalls (me included). Disabling SPI is not an option in many corporate network environments. The bandwidth gestapo will be happy that Vista users cannot surf the net, but as far as I am concerned the product is still essentially unusable in Beta 2 (I can't even download the bug reporting tools or navigate to windows update). It seems to me that the nifty new TCP stack is terribly broken. What is Microsoft doing about this? Can we expect any relief soon?