Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 30 subscribers
  • Views 5173 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Slow first response HTTP / HTTPS

Thomas Hommers

Hi,

i am trying to troubleshoot an issue with a XG Firewall SG115 running SFOS 17.5.6 MR-6.

1. When I open a http website e.g. http://google.de the request will be redirected to https://www.google.de and first response is slow when "http scan" in firewall rule is enabled. When open https://www.google.de directly, response time is good.

2. When I set a policy at intrusion prevention inside the firewall rule, both http and https first response is slow, regardless of "http scan" enabled or disabled.

3. When I set sophos as a fixed proxy in the browser the response times are fine.

What could be wrong ? Is this standard behaviour or eventually some configuration mistake ?

 

Thanks in advance for all help.

 

Regards,

Thomas



This thread was automatically locked due to age.
  • 0 in reply to LuCar Toni

    I am now trying to debug the proxy logs awarrenhttp_access.log and awarrenhttp.log

     

    1. Currently I am seeing a flood of this message in awarrenhttp.log:

    gr_io: Resource temporarily unavailable, after retrying 5 times

    What does it mean ?

     

    2. I see this high value for dnstime:

    1563542161.759655652 [ 9843/0x7f5dbf428c00] fwid=14 fwflag="V" iap=0 aap=0 conn_id=58943200 id="0001" name="http access" action="pass" method="POST" srcip="X.X.X.X" dstip="104.107.217.55" user="" statuscode=200 cached=0 trxlen=0 rxlen=85 url="ocsp.int-x3.letsencrypt.org/" referer="" type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=6069492 cattime=270 avscantime=0 fullreqtime=6071279 ua="Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" activity="" av_transaction_id="" categoryname="CRL and OCSP" category="13" app_id=0 app_name="None" app_cat="None" exceptions=""

    Could this have something to do with very slow page loading times ?

     

     

    Thanks and Regards,

    Thomas

  • 0 in reply to Thomas Hommers

    Most likely this DNS Time is to high. 

    You should check the DNS Forwarder, maybe change to another forwarder etc. 

    Test some results with nslookup on the GUI etc.