Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 27 replies
  • Subscribers 0 subscribers
  • Views 12379 views
  • Users 0 members are here
Options
Suggested

[9.200] Web Protection Speeds

StephenWeber
Has anyone else noticed a pretty severe performance decrease on the latest release of UTM 9.2 soft Release?

I've got 3 UTMs, 2 UTM 220 and 1 UTM 320 that have had their Web Protection Speeds significantly reduced.  I've done multiple tests with different policies and still come up with the same problem.  For instance, Facebook today took 2 Minutes to process through the UTM before it started to display the logon page.

Network Traffic, CPU Usage and Memory Usage are all normal.  I've even tried turning off Caching with no success.  The only fix for the speed is to turn off Web Protection.

Web Protection is configured on the Default Profile with Transparent and Agent Authentication.
Parents Reply Children
  • 0 in reply to StephenWeber
    Hi All, 

    After update 9.193011, I have the same issue. I tried to bypass Astaro(it is in trasp mode) and my router ADSL works great with no such a delay. If I disable Web Filtering, web browsing becomes very fast. In Live Log, I also have Dns Time very high. I have tried to put different public DNS(as well as those of ISP). No way. 

    q2srw77, did you fix it?If yes, how?

    Thank you.

    Luk
  • 0 in reply to StephenWeber
    Here is a sample of a few lines.  It looks DNStime is really high. 

    2014:03:24-00:12:52 IDSFW httpproxy[12903]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.8" dstip="165.254.24.158" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="225" request="0xe4da880" url="http://d1.sophosupd.com/update/catalogue/sdds.sdu.xml" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size" error="" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="61439" device="0" auth="6"

    2014:03:24-00:12:54 IDSFW httpproxy[12903]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.8" dstip="23.33.187.88" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="225" request="0xe4db320" url="http://d2.sophosupd.com/update/catalogue/sdds.data0910.xml" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size" error="" authtime="0" dnstime="84868" cattime="0" avscantime="0" fullreqtime="137429" device="0" auth="6"

    2014:03:24-00:22:54 IDSFW httpproxy[12903]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.4" dstip="23.74.2.58" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe1448cc0" url="http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl" exceptions="av,auth,content,url,cache,fileextension" error="" authtime="0" dnstime="110547" cattime="0" avscantime="0" fullreqtime="135614" device="0" auth="6" application="http"

    2014:03:24-00:22:58 IDSFW httpproxy[12903]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.4" dstip="23.74.2.58" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe1448cc0" url="http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl" exceptions="av,auth,content,url,cache,fileextension" error="" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="16549" device="0" auth="6" application="http"

    2014:03:24-00:54:09 IDSFW httpproxy[12903]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.4" dstip="23.33.187.91" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="412" request="0xe4dbdc0" url="http://dci.sophosupd.com/cloudupdate/b/9e/b9e414a77cc7c4679943b752ee67f3ee.xml" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size" error="" authtime="0" dnstime="40243" cattime="0" avscantime="0" fullreqtime="206331" device="0" auth="6"


    your utm is having dns issues.  How is the dns for your utm setup?

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Unfiltered HTML