We are running our finance information on a remote mainframe. This is the most critical traffic for the college. The clients establish a VPN to the remote firewall and the finance program runs through it. We have three T1 lines consolidated into one virtual pipe to their location. This is also our connection to the internet.
Given our current problems it has become clear the protocol is so poorly designed that the loss of a packet or two will cause the connection to be dropped.
The problem got much better when I forced all students to use our throttled proxy but the issue continues. Our provider has recommended we add another T1 line or buy a traffic shaper. I believe since the overwhelming majority of our traffic is incoming, the proper location for a traffic shaper is on their end of the pipe. Putting one on our end wouldn't help much. I even suggested we break one T1 out and dedicate it to this traffic. Their policy won't allow this.
In an effort to further limit our incoming traffic I blocked RTSP to prevent streaming audio/video. We are working to force all staff to use the web proxy as well.
Can someone recommend what more I can do from my end without spending a fortune.