
Slow Browsing after enabling security features

Hi!

We are testing a Sophos XG 230 Firewall. Internet access works, but when we enable something like HTTPS Scan or Web policy or prevention, internet speed extremely slows down. Especially HTTPS websites take 20-30 sec. to load.

I already checked various posts on that topic - they all point to DNS errors, so I checked DNS:

  • Static DNS is configured with 2 IPv4-DNS servers from our ISP.
  • Testing DNS name resolution is not working!

Could it be that something is wrong with our DNS configuration? How can we use all the security features without loss of performance?



  • You should quickly check awarrenhttp_access.log on the CLI. There you can see exactly what is consuming time for your web requests.

  • Hi Christian!

    Can you please provide more detailed information on how to check awarrenhttp_access.log?

  • Hi HuberChristian,

    Could you share the logs from the following:

    Use Advanced Shell (Option 5 > 3)

    1. less /log/WINGc.log

    2. less /log/nSXLd.log

  • Here are the logs. I truncated the WINGc.log - hopefully you get the information you are looking for.

    3438.WINGc.txt

    [2018-01-09 00:38:41] <4142233536> [info] nSXLd: Parent proxy disabled
    [2018-01-09 00:38:41] <4142233536> [info] nSXLd: Cache created with maximum number of 204800 records
    [2018-01-09 00:38:41] <4142233536> [info] nSXLd: nSXLd started log level: info
    [2018-01-09 00:39:46] <4142233536> [info] nSXLd: caught SIGINT or SIGTERM signal. Stopping daemon
    [2018-01-09 00:39:46] <4142233536> [info] nSXLd: nSXLd finished
    [2018-10-04 10:29:13] <4141479872> [info] nSXLd: Parent proxy disabled
    [2018-10-04 10:29:13] <4141479872> [info] nSXLd: Cache created with maximum number of 204800 records
    [2018-10-04 10:29:13] <4141479872> [info] nSXLd: nSXLd started log level: info
    [2018-10-04 10:46:34] <4141488064> [info] nSXLd: Parent proxy disabled
    [2018-10-04 10:46:34] <4141488064> [info] nSXLd: Cache created with maximum number of 204800 records
    [2018-10-04 10:46:34] <4141488064> [info] nSXLd: nSXLd started log level: info
    [2018-10-04 10:49:49] <4141488064> [info] nSXLd: Parent proxy disabled
    [2018-10-04 10:49:49] <4141488064> [info] nSXLd: Cought SIGHUP. Configuration was reloaded with log severity: info
    [2018-10-04 10:13:02] <4141488064> [info] nSXLd: caught SIGINT or SIGTERM signal. Stopping daemon
    [2018-10-04 10:13:02] <4141488064> [info] nSXLd: nSXLd finished
    [2018-10-04 11:16:06] <140414395914432> [info] nSXLd: Parent proxy disabled
    [2018-10-04 11:16:06] <140414395914432> [info] nSXLd: Cache created with maximum number of 102400 records
    [2018-10-04 11:16:06] <140414395914432> [info] nSXLd: nSXLd started log level: info
    [2018-10-15 08:30:10] <140414395914432> [info] nSXLd: caught SIGINT or SIGTERM signal. Stopping daemon
    [2018-10-15 08:30:10] <140414395914432> [info] nSXLd: nSXLd finished
    [2018-10-15 08:32:35] <139649003874496> [info] nSXLd: Parent proxy disabled
    [2018-10-15 08:32:35] <139649003874496> [info] nSXLd: Cache created with maximum number of 102400 records
    [2018-10-15 08:32:35] <139649003874496> [info] nSXLd: nSXLd started log level: info
    [2018-10-16 09:30:23] <140128346560704> [info] nSXLd: Parent proxy disabled
    [2018-10-16 09:30:23] <140128346560704> [info] nSXLd: Cache created with maximum number of 102400 records
    [2018-10-16 09:30:23] <140128346560704> [info] nSXLd: nSXLd started log level: info
    [2018-10-22 07:09:26] <140128346560704> [info] nSXLd: caught SIGINT or SIGTERM signal. Stopping daemon
    [2018-10-22 07:09:26] <140128346560704> [info] nSXLd: nSXLd finished
    [2018-10-22 07:29:10] <139760833509568> [info] nSXLd: Parent proxy disabled
    [2018-10-22 07:29:10] <139760833509568> [info] nSXLd: Cache created with maximum number of 102400 records
    [2018-10-22 07:29:10] <139760833509568> [info] nSXLd: nSXLd started log level: info
    [2018-10-24 09:45:18] <139664994441408> [info] nSXLd: Parent proxy disabled
    [2018-10-24 09:45:18] <139664994441408> [info] nSXLd: Cache created with maximum number of 102400 records
    [2018-10-24 09:45:18] <139664994441408> [info] nSXLd: nSXLd started log level: info
    [2018-10-26 09:37:02] <140034087237824> [info] nSXLd: Parent proxy disabled
    [2018-10-26 09:37:02] <140034087237824> [info] nSXLd: Cache created with maximum number of 102400 records
    [2018-10-26 09:37:02] <140034087237824> [info] nSXLd: nSXLd started log level: info
    [2018-10-26 11:08:17] <140136532351168> [info] nSXLd: Parent proxy disabled
    [2018-10-26 11:08:17] <140136532351168> [info] nSXLd: Cache created with maximum number of 102400 records
    [2018-10-26 11:08:17] <140136532351168> [info] nSXLd: nSXLd started log level: info
    [2018-11-05 08:14:40] <139880479586496> [info] nSXLd: Parent proxy disabled
    [2018-11-05 08:14:40] <139880479586496> [info] nSXLd: Cache created with maximum number of 102400 records
    [2018-11-05 08:14:40] <139880479586496> [info] nSXLd: nSXLd started log level: info
    [2018-11-06 14:45:17] <139880479586496> [info] nSXLd: caught SIGINT or SIGTERM signal. Stopping daemon
    [2018-11-06 14:45:17] <139880479586496> [info] nSXLd: nSXLd finished
    [2018-11-19 09:28:13] <139727068072128> [info] nSXLd: Parent proxy disabled
    [2018-11-19 09:28:13] <139727068072128> [info] nSXLd: Cache created with maximum number of 102400 records
    [2018-11-19 09:28:13] <139727068072128> [info] nSXLd: nSXLd started log level: info
    [2018-11-19 10:10:13] <139727068072128> [info] nSXLd: caught SIGINT or SIGTERM signal. Stopping daemon
    [2018-11-19 10:10:13] <139727068072128> [info] nSXLd: nSXLd finished
    [2018-11-19 10:24:31] <139691304495296> [info] nSXLd: Parent proxy disabled
    [2018-11-19 10:24:32] <139691304495296> [info] nSXLd: Cache created with maximum number of 102400 records
    [2018-11-19 10:24:32] <139691304495296> [info] nSXLd: nSXLd started log level: info
    [2018-11-20 16:12:46] <140271521704128> [info] nSXLd: Parent proxy disabled
    [2018-11-20 16:12:46] <140271521704128> [info] nSXLd: Cache created with maximum number of 102400 records
    [2018-11-20 16:12:46] <140271521704128> [info] nSXLd: nSXLd started log level: info
    

  • Hi Aditya,

    Did you get any further information from the logs I provided?

    Nevertheless, we changed the DNS servers to our internal servers and that seems to solve the problem.

    DNS lookup now shows results and the request time seems to be ok (before, I had a blank results page):

    Although I don't know why, browsing speed is now fast with enabled security features!

  • Hi Christian,

    I'm having this exact issue. I tried changing DNS servers (local, Google, OpenDNS). Usually OpenDNS works better, but the slow browsing occurs randomly.

    I get the same errors when checking the tcpdump for DNS (tcpdump -ni any port 53):

       ethertype Unknown (0x0af7)

       ethertype Unknown (0x0f3e)

       ethertype Unknown (0x0f3c)

     

    Have you got a solution for this? Are you using PPPoE?

  • Do you dump on a specific interface?

    "ethertype Unknown" could be a VLAN interface while you are dumping on the hardware interface.

  • Hi sross,

    I'm afraid I can't help you since my original problem didn't get solved :^)

    We are not using PPPoE.

  • LuCar,

    I have been following this related thread:
    community.sophos.com/.../xg-blocking-dns-lookup---dns-request-timeout-error

    tcpdump for a specific VLAN does not show "ethertype Unknown".

    nslookup from the XG takes long randomly.
    Clients using the XG as DNS server are affected.
    Clients using external DNS servers resolve ok (nslookup). However, browsing randomly fails. Web filtering is DNS based, right?

     

    I have many devices affected by this.
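The recurring theme in the posts above is that the proxy's web filtering and HTTPS scanning stall whenever the firewall's own DNS resolvers answer slowly or not at all. As an added diagnostic (not code from this thread or from Sophos), the script below sends one raw DNS query to each configured resolver and reports the round-trip time and response code, which separates "resolver slow or unreachable" from a proxy problem. The resolver addresses and query name are placeholders, not values from the thread.

```python
import socket
import struct
import time

# Placeholder resolvers and query name (constructed, not from the thread);
# replace with the DNS servers configured on the firewall.
RESOLVERS = ["192.0.2.53", "198.51.100.53"]
QNAME = "example.com"
TXID = 0x1234


def build_query(qname, txid=TXID):
    """Build a minimal DNS A/IN query with the RD (recursion desired) flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response(data, txid=TXID):
    """Return (rcode, answer_count); reject replies that do not belong to our query."""
    if len(data) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("reply id mismatch or QR bit not set")
    return flags & 0x000F, an  # rcode 0 = NOERROR, 3 = NXDOMAIN


def time_lookup(server, qname=QNAME, timeout=2.0):
    """Query one resolver over UDP; return (ms, rcode, answers) or Nones on timeout/garbage."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        start = time.monotonic()
        sock.sendto(build_query(qname), (server, 53))
        data, _ = sock.recvfrom(512)
        elapsed_ms = (time.monotonic() - start) * 1000
        rcode, answers = parse_response(data)
        return elapsed_ms, rcode, answers
    except (socket.timeout, OSError, ValueError):
        return None, None, None
    finally:
        sock.close()


if __name__ == "__main__":
    for server in RESOLVERS:
        ms, rcode, answers = time_lookup(server)
        if ms is None:
            print(f"{server}: no usable reply within timeout (proxy will stall on this one)")
        else:
            print(f"{server}: {ms:.1f} ms, rcode={rcode}, answers={answers}")
```

Run it from a host on the LAN and again from the firewall's advanced shell; a resolver that times out or takes hundreds of milliseconds from the firewall but not from the LAN points at the firewall's own routing or WAN selection rather than at the resolver.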

  • We have managed to solve this slow random DNS issue. The problem was having more than one WAN interface and only one of them having internet access.

     

    Configuring the weight of the WAN links helped, but the problem still happened.

    In our scenario, it was viable to leave only one WAN interface to access the internet and set the other networks as LAN. DNS itself is directly consumed from a public server.

    It worries me that XG probes all WAN interfaces to get DNS queries. Firewall rules do not affect the internal XG DNS client behaviour.

  • Hi,

    Did you set up the DNS in the XG, and are you using the XG DNS in your search path?

    Ian

  • The DNS in the XG are set directly to the public servers.

    Guest clients receive the same DNS servers (public) through the DHCP.

    Only one client has the XG as the DNS server (required as the XG has 1 DNS entry registered).

    Having only one WAN interface solved all DNS problems. It wasn't a DNS problem per se. I get that I should only use WAN zones if they actually have internet access.

    I have not found a way to direct the XG DNS queries through a specific gateway.
