
XG 135 browsing is terrible

Have XG 135 and browsing is terrible. Pages are taking 30 sec. to load. We currently have 50/50 fiber speeds.



  • Hi Louie,

    Do you have any malware scanning or web filtering etc. enabled on the firewall rules?

     

  • Hello Vadym,

    Thank you for replying. 


    Here is my config. 

     

    Malware Scanning
    Scan Engine Selection: Single Engine (Optimal Performance) / Dual Engine
    Single scan engine is set to Sophos.
    Malware Scan Mode: Real-time (Faster User Experience) / Batch (Maximum Protection)
    Do not scan files larger than
    MB
    Content that could not be scanned: Block (Best Protection) / Allow
    Files that cannot be fully scanned because they are encrypted or corrupted may contain undetected threats.

    Advanced Settings
    Maximum file scan size for FTP
    MB
    Scan audio and video files
    Scan video and audio content for malware and threats. Scanning can cause issues with streaming audio and video players.
    Enable pharming protection
    Protect users against pharming and other domain name poisoning attacks by repeating DNS lookups before connecting.
    ______________________________________________________________________________________________________
     
     
    Rule Name
    Action: Accept / Drop / Reject
    Description

    Source
    Source Zones: LAN
    Source Networks and Devices: Any
    During Scheduled Time: All the Time

    Destination & Services
    Destination Zones: WAN
    Destination Networks: Any
    Services: Any

    Identity
    Match known users

    Malware Scanning
    Scan FTP
    Scan HTTP
    Decrypt & Scan HTTPS

    Advanced
    User Applications
    Intrusion Prevention: None
    Traffic Shaping Policy: None
    Web Policy: Default Workplace Policy
    Apply Web Category based Traffic Shaping Policy
    Application Control: None
    Apply Application-based Traffic Shaping Policy

    Synchronized Security
    Minimum Source HB Permitted: GREEN / YELLOW / No Restriction
    Block clients with no heartbeat
    Minimum Destination HB Permitted: GREEN / YELLOW / No Restriction
    Block request to destination with no heartbeat

    NAT & Routing
    Rewrite source address (Masquerading)
    Use Gateway Specific Default NAT Policy
    Use Outbound Address: MASQ
    MASQ (184.17.147.6)
    Primary Gateway: WAN Link Load Balance
    Backup Gateway: None
    DSCP Marking: Select DSCP Marking

    Log Traffic
    Log Firewall Traffic

  • Hi Louie,

    Could you print the output of the following command, which you can run in the console? You may grey out your external address for discretion.

    Console> system sh network interfaces 

  • Please take a screenshot of the LAN to WAN rule, and also ssh to the firewall, go to option 5, then to option 3, run the ifconfig command, and post a screenshot of the WAN and LAN ports.

  • Hi Sir,

    I have also encountered the same problem since we implemented the XG 135 a month ago. We used 2 ISPs with 20/20 bandwidth.

    Could someone help me with this, please?

    Thanks

  • Yes, if you access the XG UTM Web Admin from a public URL, your traffic gets the rules assigned to public traffic. It's not the greatest. However, if you establish a VPN to the device and access the web admin through that to the LAN IP of the UTM, your pages will load much faster. I could not really point to why, but I have this same problem at a couple of places, and when I do this, it's a much faster response time (2-3 seconds for pages to load). This could be a fine workaround for you. But it works best when you remotely control another system on location and use its browser to access the LAN IP directly, instead of even using the VPN.

    Remember that you will need to allow access for the VPN to get web admin access.  See screenshot:

    I assume you already know how to build a Site-to-Site or client-based SSL VPN connection.

  • Hi Chris,

     

    Thanks for your immediate feedback, but I forgot to mention that all users were in a local network. The XG 135 is the firewall that we have right now, and since we deployed it a lot of users have been complaining that their browsers have become slow when accessing site pages.

     

    Thanks

  • Chris,

    some more info:

    what DNS are your users using?

    Are the patterns updated?

    Try to stop the IPS service and see if the web surfing becomes better.

    Are you swapping from an existing firewall/router with the same IP? Pay attention to the MAC address table on switches inside the network.

    Regards

  • Hi,

    Yes I will try and observe this for a week. Thanks

    Regards,

  • I thought it was the admin page, so sorry.