+ 0 Votes on the subject of DNS Suffixs CG IT 2 years ago DNS suffix options in the advanced option/DNS in the nic card properties, for Windows 7 machine, come into play in a Microsoft Active Directory environment. unlike Windows XP, Windows 7 machines really need the Active Directory domain name listed in the DNS suffix options in the nic card properties page to be able to find domain controllers to authenticate with and by inclusion, the Active Directory DNS server in which to resolve domain name queries. In your PIX config, you have dhcpd domain Mcleodusa.net as the dhcp domain name. A whois lookup of mcleodusa.net produces this: Registrant: WINDSTREAM COMMUNICATIONS, INC. 6400 C Street SW PO Box 3177 Cedar Rapids, IA 52406 US Domain name: MCLEODUSA.NET Administrative Contact: Inc., McLeodUSA 6400 C Street SW PO Box 3177 Cedar Rapids, IA 52406 US 281.465.1200 Technical Contact: Inc., McLeodUSA 6400 C Street SW PO Box 3177 Cedar Rapids, IA 52406 US 281.465.1200 Registration Service Provider: PAETEC, 800-340-2555 http://www.paetec.com This company may be contacted for domain login/passwords, DNS/Nameserver changes, and general domain support questions. Registrar of Record: TUCOWS, INC. Record last updated on 11-Apr-2012. Record expires on 20-Oct-2012. Record created on 21-Oct-1996. Registrar Domain Name Help Center: http://tucowsdomains.com Domain servers in listed order: NS2.MCLEODUSA.NET 188.8.131.52 NS3.MCLEODUSA.NET 209.253.113. It's possible, but maybe not probable, clients are being told the DNS server is mcleodusa.net by the PIX firewall in which to resolved DNS queries. If mcleodusa.net is not your DNS servers then this might be the reason Windows 7 clients can't reach your external web site, as the DNS listed in the PIX cant resolve the query and doesn't forward the unresolved query, by virtual of rejecting queries. BUT, if you have statically assigned DNS servers in clients, with another DNS server address, such as your ISP's DNS servers then this DNS option in DHCP on the PIX this shouldn't matter. The client computers will use the DNS servers that are configured. BUT, the other difference with Windows 7 than Windows XP is Windows 7 supports IPv6 [and the PIX 506 doesn't] so, it's possible, but not probable, that Windows 7 is using IPv6, which is on by default, and using information obtained from the PIX such as DNS servers, which may be the wrong ones. A test is to turn off IPv6 on the Windows 7 boxes and only use IPv4 see if that makes a difference. It may or may not. Lots of good information from all posters here and armed with that, you'll get a good idea of the information you need to discover, to narrow down the potential cause of the problem of your external web site, not displaying in Windows 7 machines.