ATP
I have seen an issue with ATP on every firmware version that has been released. I have over 30 units deployed at various clients and I have tested and verified this issue on several models including the XG85W, XG105W, XG115W, XG125W, and the XG210.
I have tested and re-tested every firmware version that has been released, and the only way to "fix" the issue is to either disable ATP or to stop the IPS service completely.
I have a case open with support, so hopefully they can get this resolved soon.
I am interested to see if everyone can reproduce this issue on their units by following my testing process. Please give it a shot and post if you have similar results.
NOTE: All my testing was done with one LAN-to-WAN rule and no web filtering, application filtering, or IP rules configured.
1. Install Google Chrome and the "Page Load Time" plugin found here - https://chrome.google.com/webstore/detail/page-load-time/fploionmjgeclbkemipmkogoaohcdbig?hl=en
2. In google chrome open a tab and enable developer mode by hitting F12
3. In developer mode panel hit the menu button (the three vertical dots) and click on settings. Then scroll to the "Network" section and check the box next to "Disable cache (while DevTools is open)" This will cause Chrome not to cache any pics, etc... which will be crucial to do the testing correctly.
4. Disable ATP on the Sohpos firewall and wait 5 minutes or so just to make sure all the services have stopped.
5. Load and refresh the following websites to establish a base line for how long it takes web pages to load. (Remember this MUST be done with the developer menu open so that the images do not cache when you reload the web pages).... The "Page Load Time" plugin will give you the load times. Take a note of the load times for the following sample sites: nba.com, amc.com, msnbc.com, cnn.com, foxnews.com,
6. Open an SSH session and go the advanced shell prompt (option 5 then 3)
7. enter the "top -d 1" command to see the CPU refresh every second
8. Start the ATP service and wait 5 or so minutes to make sure that the services have started and with the developer mode still enabled (F12) and the "Disable cache (while DevTools is open)" still enabled as well, reload those same webpages.
9. In my experience, the pages hang for 3-4 seconds, start loading, hang again for 3-4 seconds and finish loading. And what I find is that some pages that take 4 seconds to load with ATP turned off, will take up to 9-20 seconds to load with it turned on. And while the pages hang you will see the snort process spike to 99% - 100%
Please share your findings.
This thread was automatically locked due to age.
