Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 28 subscribers
  • Views 1762 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Revisiting XG DPI engine.

Big_Buck

Hello

I have attemted to re-activate DPI engine this week end.  Unfortunately, problems I faced before are still too present.  Anything that show up images via http links turns into turtle pace.  Slow down to a crawl.  Facebook for exemple, becomes simply unworkable.

I've tried to put everything to "Maximum Compatibility" and yet, it is still very slow with a single user working.

I also always felt "Could not associate packet to any connection." was at exagerate proportions with XG.

Paul Jr



This thread was automatically locked due to age.
Parents
  • 0

    What XG are you using? Hardware or software?

    If It's software, is it a home license? What hardware are you running with it? What CPU?

     

    Big_Buck said:
    Anything that show up images via http links turns into turtle pace.  Slow down to a crawl.  Facebook for exemple, becomes simply unworkable.

    Four things:

    1. Also, just saying it's slow won't help that much, what kind of slowness are seeing? Did you check if It's slow only on the tls handshake or It's also slow after it with any kind of file transfer?
    2. Also what kind of speed are you getting while decrypting SSL/TLS traffic ? Or the issue exists even without decrypting the traffic?
    3. Is this slowness only present with SSL/TLS connections or it's also present with plain-text http? If it is, do you have AV scanning active?
    4. Is this issue only present on facebook? or any website?

     

    Big_Buck said:
    I've tried to put everything to "Maximum Compatibility" and yet, it is still very slow with a single user working.

    Changing the decryption profiles on it, as "Maximum Compatibility" or "Strict Compliance" won't change anything about the performance of it, They are just there to enforce SSL/TLS protocol/ciphers and so on.

     

    Big_Buck said:
    "Could not associate packet to any connection."

    You can ignore those.

     

    Thanks!

  • 0 in reply to Prism

    Hello

    Test firewall is an XG115 running latest v18.

    1. Also, just saying it's slow won't help that much, what kind of slowness are seeing? Did you check if It's slow only on the tls handshake or It's also slow after it with any kind of file transfer?
    2. Also what kind of speed are you getting while decrypting SSL/TLS traffic ? Or the issue exists even without decrypting the traffic?
    3. Is this slowness only present with SSL/TLS connections or it's also present with plain-text http? If it is, do you have AV scanning active?
    4. Is this issue only present on facebook? or any website?

    On LinkedIn or Facebook pages, it can take up to five seconds to scroll down a page.  WEB pages texts, titles, et.c. appears instantaneously.  It's mostly linked images that takes forever to appear, and somewhat "elaborated" HTTP content that's slowed down.

    The SSL/TLS rule could not be simpler:

    In Firewall logs, "SLL/TLS Inspection section", everything is inspected the way I expected.  Virtualy no error.  All exeptions are respected.  Like "windows update" for example.

    My Internet link is 100 meg/seconds.  While I am using Facebook, I get these test speeds:

    Which is much more than what I need.

    It really appears XG is the bottle neck.

    I have AV scanning active.

    Note that on that particular picture, "Decrypt HTTPS .." is opted out.

    Paul Jr

     

     

Reply
  • 0 in reply to Prism

    Hello

    Test firewall is an XG115 running latest v18.

    1. Also, just saying it's slow won't help that much, what kind of slowness are seeing? Did you check if It's slow only on the tls handshake or It's also slow after it with any kind of file transfer?
    2. Also what kind of speed are you getting while decrypting SSL/TLS traffic ? Or the issue exists even without decrypting the traffic?
    3. Is this slowness only present with SSL/TLS connections or it's also present with plain-text http? If it is, do you have AV scanning active?
    4. Is this issue only present on facebook? or any website?

    On LinkedIn or Facebook pages, it can take up to five seconds to scroll down a page.  WEB pages texts, titles, et.c. appears instantaneously.  It's mostly linked images that takes forever to appear, and somewhat "elaborated" HTTP content that's slowed down.

    The SSL/TLS rule could not be simpler:

    In Firewall logs, "SLL/TLS Inspection section", everything is inspected the way I expected.  Virtualy no error.  All exeptions are respected.  Like "windows update" for example.

    My Internet link is 100 meg/seconds.  While I am using Facebook, I get these test speeds:

    Which is much more than what I need.

    It really appears XG is the bottle neck.

    I have AV scanning active.

    Note that on that particular picture, "Decrypt HTTPS .." is opted out.

    Paul Jr

     

     

Children
  • 0 in reply to Big_Buck

    Big_Buck said:
    WEB pages texts, titles, et.c. appears instantaneously.

    Big_Buck said:
    t's mostly linked images that takes forever to appear, and somewhat "elaborated" HTTP content that's slowed down.

    So It's not a issue with the Decryption part itself, It looks fine, Well, your getting 100Mbit/s with it.

     

    So,

    Can you open the same websites but with AV Scanning disabled?

    I'm asking this, since AV Scanning on XG slows down the traffic too much.

    Another thing, In the XG Admin page, can you go to WEB => General Settings, and check if "Scan audio and video files" is disabled?

     

    Thanks!

  • 0 in reply to Prism

    I will try with AV disabled later.  But meanwhile look at what's happening: 

    The image here on EBay will take forever to load.  With TLS/SSL/DPI disabled, it becomes instantaneous yet with AV up and running.

    Paul Jr

  • 0 in reply to Big_Buck

    Could you dig deeper into this issue with Chrome Developer tools?

    As you can check, which resource takes longer, you could try to find out, if there is a external website, which is actually causing this issue or not