
Delay in loading first web page only

Hi everyone, I'm a long-time UTM user that just made the cut over to Sophos Firewall and I've got one nagging issue that I can't figure out.  The first time a user goes to browse a web page, there is a delay of 10-15 seconds or so.  Once you get past that initial delay, all surfing is normal and will remain normal until there is a period of inactivity, which starts the cycle again.

This issue also appears to only impact web browsing (or maybe all traffic on 80/443) but does not impact other traffic like ping.  Ping resolves a host name immediately without delay, even while I sit waiting for that first page to load.

I've got a basic setup at the moment with virtually everything at the defaults.  I've configured Sophos to use 8.8.8.8 for DNS and I'm assigning that out with DHCP to clients.  No IDS/IPS, Web Proxy, or anything else is even enabled yet.

Here's the piece that I find really strange...

This delay only happens when a client has obtained their address through DHCP.  If I configure that same client statically, but using all the same info (IP, Subnet, Gateway, DNS) then the delay is gone.

For example, my main desktop has a DHCP reservation to assign it 192.168.210.100, subnet mask 255.255.255.0, gateway 192.168.210.1 and DNS 192.168.210.1.

When I use those same values but set the IP static instead of DHCP, no more delay in loading that first page.

I'm obviously missing something but I'm at a loss for what.  I just migrated off UTM 9.7x and did not have this issue.

Thoughts?



This thread was automatically locked due to age.
  • Hi,

    please check the gateway and DNS assigned by the DHCP server.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • DHCP is configured to use interface as gateway IP and also use device's DNS settings.  DNS in Sophos is configured to use 8.8.8.8.

    After messing around some more, it does appear that this delay is also unique to Windows.  I noticed that my Android phone didn't have any delay in browsing, and I just tested an old Chromebook which also has no delay.  Windows 10 and 11 both have the delay but only when receiving an IP via DHCP.

  • Do an F12 / Developer console check. What kind of load is waiting on your client? You should be able to see the actual kind of request that is delaying. This will help to find the actual root cause.


  • Developer mode didn't help, but I went to get a better look with Burp and that is when I found a key piece of info.  Windows is set to Automatically detect settings for the system proxy - which is why the issue was the same across multiple browsers.

    Turning off automatically detect settings does eliminate the delay, but can anyone shed some light on why I'm getting that delay in the first place?

    I've always had automatically detect enabled since it's the Windows default setting and it caused no delays in UTM 9.  I haven't configured any web proxy settings at all in XG yet, so I'm surprised the automatic detection takes so long to time out.

  • SFOS does not have a Proxy/WPAD Hosting system. Maybe you have a GPO or something to publish a WPAD, which is not there anymore, which results in timeouts until the web fallback to HTTP/S occurs.


  • Nope, this is just my home network there are no GPOs or anything else going on.  Literally the only change I made was to replace UTM 9 with Sophos Firewall and these delays popped up.

  • Which service in the browser takes so long? You should see this in the network analysis of the browser developer tool.


  • Proxy Negotiation has a nearly 20s delay when Windows is set to automatically detect settings.

  • I am not a Windows expert, but this does not look like a Firewall issue. 

    support.microsoft.com/.../effa1aa0-8e95-543d-6606-03ac68e3f490


  • I respectfully disagree.  The article you linked has specific criteria that do not apply in my situation, as the products and services they reference are not in use.  I am not actually using a proxy configuration script, but rather the default Windows setting is to check for one.

    Whether this is the fault of Windows or Sophos is debatable, but the most compelling fact is that this delay only started after replacing UTM 9 with Sophos Firewall.  There is something in the default configuration of Sophos Firewall that is causing Windows to go through a 15-20 second timeout when looking for an automatic proxy configuration, rather than having a quick confirmation that no proxy exists.

    Yes, I can disable the default Windows setting on every client but I would much rather make a change on the Sophos side rather than touching every Windows machine that comes on the network.
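
The thread turns on whether a WPAD lookup gets a quick "no" or is left to time out. The following is an added example, not part of the original thread or Sophos code, that times that difference from a client. It assumes the conventional DNS discovery name `wpad` on TCP port 80, and the 2-second threshold is an arbitrary choice.

```python
import socket
import time

# Assumed threshold: a failure slower than this is a user-visible stall.
SLOW_SECONDS = 2.0

def probe(host, port=80, timeout=5.0):
    """Resolve `host` and try a TCP connect; return (outcome, seconds).

    outcome: 'resolve-failed', 'refused', 'listening', 'timeout'
    or 'unreachable'.
    """
    start = time.monotonic()
    try:
        info = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "resolve-failed", time.monotonic() - start
    family, socktype, proto, _, addr = info
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
            outcome = "listening"
        except ConnectionRefusedError:
            outcome = "refused"      # fast "no": the peer sent a reset
        except socket.timeout:
            outcome = "timeout"      # silence: client waits out the timer
        except OSError:
            outcome = "unreachable"  # e.g. no route to the resolved address
    return outcome, time.monotonic() - start

def verdict(outcome, seconds):
    """Say whether this probe result explains a stall before the first page."""
    if outcome == "listening":
        return "WPAD host answers; check what it serves"
    if outcome == "timeout" or seconds >= SLOW_SECONDS:
        return "slow failure: auto-detect will stall"
    return "fast failure: auto-detect gives up quickly"

if __name__ == "__main__":
    # 'wpad' is the conventional DNS discovery name; the resolver appends
    # the client's DNS suffix, which is where DHCP-supplied settings matter.
    outcome, secs = probe("wpad")
    print(f"wpad: {outcome} in {secs:.2f}s -> {verdict(outcome, secs)}")
```

Running it once on a DHCP lease and once with the static configuration shows whether the name lookup or the connection attempt accounts for the wait.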
