XG310 Slow websites and random page timeouts

We recently installed a new Sophos XG310 Firewall and have been plagued with websites randomly loading slowly or timing out completely. I don't think my device is being overworked:

 

I have a very basic and simple setup. A class B network, 255.255.0.0 and a basic outbound firewall rule of:

 

If I check my logs, I can see a lot of internal addresses failing to reach external sites.

How can I find out more details about

Invalid Traffic Rule 0

Local ACL Rule 0

Please help before management makes me take out the Sophos and put back the shitty CISCO ASDM device from 1990!!!

Thanks!

John



  • What firmware are you running? We found that slow web pages *seem* to be fixed in 16.05 MR4.

  • John,

    Rule 0 typically means the appliance drops the packets by default, and this could be due to IPS.

    Do you have another firewall rule that's above the "Outbound Access" with Application Filter enabled?

    Because from your Control Center screenshot there's data shown under Allowed App Categories. Maybe you have that rule with IPS enabled? 

    Please show us your IPS logs and ATP logs.  

    Can you also log on to the Advanced Shell and type the following command:

    conntrack -E -d 199.68.35.6

    and try to access the website again while the command is running? Take a screenshot of the results.

     

    po

  • I just did the 16.05 MR4 update, I'll see how things go today. I'm still seeing outbound port 80 & 443 web traffic being denied, so I'm not that positive, but I do think things are faster. 

  • The IPS logs and ATP logs don't have anything recent in them. I have these features turned off while I've been troubleshooting this.

    I've already received 2 complaints today that things are slow.

  • Hi John,

    Local ACL states unavailability of the Firewall rule. Check #1 and #4 in my troubleshooting guide and show me the output of "ifconfig" and drop-packet-capture for the source when the issue is active.

    Thanks