Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 17480 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Internet access slow when on VPN

IanJohnson

Hi Guys

We are having problems with Sophos AV on one of our users PC's. He is a remote user who connects via our VPN to our office. But after he authenticates any browser related application grinds to a halt. Clicking on internet Explorer or Chrome results in a 5 minute wait before it starts, then when it starts the whole interface and browsing experience is so slow and unresponsive.

As soon as he disconnects everything loads up straight away. At first I thought this was a VPN issue, but if I disable Sophos whilst he is connected everything is instantaneous again.

He can navigate file shares and email ok when connected, but can not seem to load up IE or Chrome. Yesterday I uninstalled, reinstalled and updated and it worked great, but since a reboot we are back to square one.

He is using Windows 7 Pro 64bit and connecting to our AV server here for updates the same as everyone else who doesn't have a problem.

Can anyone suggest anything? If you need anymore information let me know.



This thread was automatically locked due to age.
Parents
  • 0

    Hello IanJohnson,

    I'd start with How to troubleshoot LSP interactions... (or did you anyway just disable Web Protection when you disabled Sophos?). Which VPN is this (please see also the related information in the article)?

    Christian

  • 0 in reply to QC
    Hi Christian

    Thanks for your reply, we do not use the Web protection in Sophos therefore it is already disabled. We are using Cisco AnyConnect

    Ian
  • 0 in reply to IanJohnson

    Hello Ian,

    just to make sure: Block access to malicious websites is Off as is Download scanning, and you also don't use Web Control? And to make really sure - netsh winsock show catalog|find "Sophos". Guess you would have mentioned SCF which is another "usual suspect". Hm, we don't have issues with AnyConnect and Sophos. Can't see why the "base" SAV should affect just browsers and only when VPN is active ... is the same for all (internal and external) URLs/sites?

    Christian

  • 0 in reply to QC
    Hi Christian

    This is the result of the netsh command :

    C:\Windows\System32>netsh winsock show catalog|find "Sophos"
    Description: Sophos Web Intelligence IFSLSP over [MSAFD Tcpip [TCP/IP]]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll
    Description: Sophos Web Intelligence IFSLSP over [MSAFD Tcpip [UDP/IP]]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll
    Description: Sophos Web Intelligence IFSLSP over [MSAFD Tcpip [TCP/IPv6]]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll
    Description: Sophos Web Intelligence IFSLSP over [MSAFD Tcpip [UDP/IPv6]]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll
    Description: Sophos Web Intelligence IFSLSP over [RSVP TCPv6 Service Provider]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll
    Description: Sophos Web Intelligence IFSLSP over [RSVP TCP Service Provider]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll
    Description: Sophos Web Intelligence IFSLSP over [RSVP UDPv6 Service Provider]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll
    Description: Sophos Web Intelligence IFSLSP over [RSVP UDP Service Provider]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll
    Description: Sophos Web Intelligence IFSLSP
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll
    Description: Sophos Web Intelligence IFSLSP over [MSAFD Tcpip [TCP/IP]]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
    Description: Sophos Web Intelligence IFSLSP over [MSAFD Tcpip [UDP/IP]]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
    Description: Sophos Web Intelligence IFSLSP over [MSAFD Tcpip [TCP/IPv6]]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
    Description: Sophos Web Intelligence IFSLSP over [MSAFD Tcpip [UDP/IPv6]]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
    Description: Sophos Web Intelligence IFSLSP over [RSVP TCPv6 Service Provider]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
    Description: Sophos Web Intelligence IFSLSP over [RSVP TCP Service Provider]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
    Description: Sophos Web Intelligence IFSLSP over [RSVP UDPv6 Service Provider]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
    Description: Sophos Web Intelligence IFSLSP over [RSVP UDP Service Provider]
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
    Description: Sophos Web Intelligence IFSLSP
    Provider Path: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll


    We don't use the Sophos firewall.

    it is the same for all internal and external URL's.. But the problem before then is IE/Chrome can take 5 minutes to load, and then a similar time to load a website, often resulting in a Not Responding white screen.

    I tired adding the local and network mapped drives as exclusions in the On-demand extensions and exclusions section to narrow down the problem, but it made no difference.
  • 0 in reply to IanJohnson

    Hello Ian,

    obviously the LSP is loaded. On-demand is not involved (it applies to Scan my computer, right-click and scheduled scans). The On-Access setting might be as the default for Download scanning is As on-access.
    Set the mentioned Web protection settings to "Off" (from the Console or the local GUI). On Windows 7 starting the Sophos Web Intelligence Update service (it'll almost immediately stop again) should unload the LSP. If netsh still shows them loaded the endpoint needs a reboot. If the LSP is not loaded and the issue has disappeared please follow article 111225 (or if you indeed want Web protection to be off - seems it wasn't - use an appropriate AV policy).

    Christian 

Reply
  • 0 in reply to IanJohnson

    Hello Ian,

    obviously the LSP is loaded. On-demand is not involved (it applies to Scan my computer, right-click and scheduled scans). The On-Access setting might be as the default for Download scanning is As on-access.
    Set the mentioned Web protection settings to "Off" (from the Console or the local GUI). On Windows 7 starting the Sophos Web Intelligence Update service (it'll almost immediately stop again) should unload the LSP. If netsh still shows them loaded the endpoint needs a reboot. If the LSP is not loaded and the issue has disappeared please follow article 111225 (or if you indeed want Web protection to be off - seems it wasn't - use an appropriate AV policy).

    Christian 

Children
No Data