Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 30 subscribers
  • Views 5173 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Slow first response HTTP / HTTPS

Thomas Hommers

Hi,

i am trying to troubleshoot an issue with a XG Firewall SG115 running SFOS 17.5.6 MR-6.

1. When I open a http website e.g. http://google.de the request will be redirected to https://www.google.de and first response is slow when "http scan" in firewall rule is enabled. When open https://www.google.de directly, response time is good.

2. When I set a policy at intrusion prevention inside the firewall rule, both http and https first response is slow, regardless of "http scan" enabled or disabled.

3. When I set sophos as a fixed proxy in the browser the response times are fine.

What could be wrong ? Is this standard behaviour or eventually some configuration mistake ?

 

Thanks in advance for all help.

 

Regards,

Thomas



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    Thank you for contacting us.

    When you try to access http://google.de/, the redirection happened from the server end to https, the server will ask the browser to initiate the traffic over https instead of HTTP and when you directly execute the URL over https redirection would not require and you can see the difference while accessing the website over HTTP and HTTPS.

    If you applied IPS policy/Web/App filter and HTTP/HTTPS scanning, it will capture all the packets passing through that firewall rule and all the described module will scan the traffic to apply optimum security and it will result in bit delay to access the website.

  • 0 in reply to Keyur

    Hi Keyur,

     

    thanks for your reply. I believe that the delay of several seconds (compared to several ms) I am facing is not the usual "bit delay" you are talking about. How could I further troubleshoot the issue ? Why I don't see the issue when setting the XG as proxy ?

    Thanks and regards,

    Thomas

Reply
  • 0 in reply to Keyur

    Hi Keyur,

     

    thanks for your reply. I believe that the delay of several seconds (compared to several ms) I am facing is not the usual "bit delay" you are talking about. How could I further troubleshoot the issue ? Why I don't see the issue when setting the XG as proxy ?

    Thanks and regards,

    Thomas

Children
No Data