http traffic not coming through

Hi,

I have a very odd issue with my UTM.

I've noticed this issue before, but it went away somehow, coming back today:

From time to time (about every 30 minutes) web surfing is not possible anymore for a few minutes (5-10). Whenever that happens I see a lot of bandwidth being used to download something from "sophos content filter framework" in the flow monitor.

Until now it has already produced traffic of about 15 GB and I see this in my Network usage:


I have restarted the webproxy a few times now, changed the Content filter database to "mem", changed AV-Scanning to "single" and it seems gone.

Any ideas what caused this?

Cheers
Chris


This thread was automatically locked due to age.
  • It's doing it again.
    Sophos Content Filter Framework download uses all the bandwidth it gets. Even though it is throttled and only gets like 8 Mbps (of the 16 available), surfing is not possible. I've noticed this in my webfilter log (notice the second half):

    2013:09:18-07:56:55 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs04.astaro.com' access time: 29ms" 
    2013:09:18-07:56:55 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs01.astaro.com' access time: 29ms" 
    2013:09:18-07:56:55 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs27.astaro.com' access time: 31ms" 
    2013:09:18-07:56:55 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs20.astaro.com' access time: 31ms" 
    2013:09:18-07:56:55 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs05.astaro.com' access time: 32ms" 
    2013:09:18-07:56:55 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs21.astaro.com' access time: 33ms" 
    2013:09:18-07:56:55 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs02.astaro.com' access time: 52ms" 
    2013:09:18-07:56:55 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs12.astaro.com' access time: 81ms" 
    2013:09:18-07:56:55 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs22.astaro.com' access time: 82ms" 
    2013:09:18-07:56:55 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs19.astaro.com' access time: 80ms" 
    2013:09:18-07:56:55 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs11.astaro.com' access time: 81ms" 
    2013:09:18-07:56:55 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs09.astaro.com' access time: 119ms" 
    2013:09:18-07:56:56 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs23.astaro.com' access time: 202ms" 
    2013:09:18-07:56:56 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs13.astaro.com' access time: 204ms" 
    2013:09:18-07:56:56 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs03.astaro.com' access time: 232ms" 
    2013:09:18-07:56:56 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs06.astaro.com' access time: 248ms" 
    2013:09:18-07:56:57 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs07.astaro.com' access time: 301ms" 
    2013:09:18-07:56:57 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs25.astaro.com' access time: 363ms" 
    2013:09:18-07:56:57 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs14.astaro.com' access time: 364ms" 
    2013:09:18-07:56:58 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs18.astaro.com' access time: 369ms" 
    2013:09:18-07:56:58 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs24.astaro.com' access time: 376ms" 
    2013:09:18-07:56:59 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs08.astaro.com' access time: 569ms" 
    2013:09:18-07:56:59 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs17.astaro.com' access time: 518ms" 
    2013:09:18-07:57:00 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs15.astaro.com' access time: 568ms" 
    2013:09:18-07:57:00 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs16.astaro.com' access time: 582ms" 
    2013:09:18-07:57:01 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs26.astaro.com' access time: 573ms" 
    2013:09:18-07:57:02 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_check_servers" file="scr_scanner.c" line="767" message="server 'cffs10.astaro.com' access time: 714ms"
    2013:09:18-08:01:25 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="706" message="reloading config" 
    2013:09:18-08:01:25 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="569" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known" 
    2013:09:18-08:01:25 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="2798" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080" 
    2013:09:18-08:03:22 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="avira_reload" file="avirascanner.c" line="266" message="reloading Avira pattern" 
    2013:09:18-08:03:29 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="avirascanner_log" file="avirascanner.c" line="89" message="Successfully initialized Avira SAVAPI library 1.4.0, expires 20140331, AVE 8.2.12.120, VDF 7.11.102.248 (5651122 signatures)" 
    2013:09:18-08:03:29 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="avira_reload" file="avirascanner.c" line="283" message="reloading av pattern finished" 
    2013:09:18-08:03:55 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="717" message="reloading list (1)" 
    2013:09:18-08:03:57 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1126" message="Unable to allocate 393595532 bytes for control list" 
    2013:09:18-08:03:57 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="719" message="list reload failed, fallback to disk db" 
    2013:09:18-08:03:58 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1126" message="Unable to allocate 393595532 bytes for control list" 
    2013:09:18-08:03:58 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1126" message="Failed to load list '/var/pattern/sfcontrol/sfcontrol' return code '10'" 
    2013:09:18-08:03:58 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="722" message="failed to load list(31), will fallback to remote lookup" 
    2013:09:18-08:03:58 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1126" message="Attempted to retrieve control list serial number but no control list is loaded" 
    2013:09:18-08:03:58 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="730" message="list version: 41969" 
    2013:09:18-08:03:59 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="741" message="reloading config done, new version 3813" 


    During this nothing happens in the log for some minutes and then it starts working again and I see the normal entries from surfing in the log again.
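An added example, not part of the original posts: a small Python parser for the key="value" httpproxy log format shown above that groups the failed control-list reload (allocation failure, then fallback to disk db, then fallback to remote lookup) into one record per incident. The function names are hypothetical, and treating the "list version:" message as the end of a reload is an assumption drawn from this single log excerpt.

```python
import re

# Sample input: six lines copied from the webfilter log quoted in the thread.
SAMPLE_LOG = """\
2013:09:18-08:03:55 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="717" message="reloading list (1)"
2013:09:18-08:03:57 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1126" message="Unable to allocate 393595532 bytes for control list"
2013:09:18-08:03:57 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="719" message="list reload failed, fallback to disk db"
2013:09:18-08:03:58 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_log" file="scr_scanner.c" line="1126" message="Failed to load list '/var/pattern/sfcontrol/sfcontrol' return code '10'"
2013:09:18-08:03:58 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="722" message="failed to load list(31), will fallback to remote lookup"
2013:09:18-08:03:58 pluto httpproxy[31590]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_update_list" file="scr_scanner.c" line="730" message="list version: 41969"
"""

LINE_RE = re.compile(r'^(?P<ts>\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) \S+ httpproxy\[\d+\]: (?P<kv>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')
ALLOC_RE = re.compile(r"Unable to allocate (\d+) bytes for control list")

def parse_line(line):
    """Split one httpproxy log line into a dict of its key="value" fields plus 'ts'."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = dict(KV_RE.findall(m.group("kv")))
    rec["ts"] = m.group("ts")
    return rec

def find_list_reload_failures(log_text):
    """Return one dict per control-list reload that ended in a fallback."""
    incidents, current = [], None
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        msg = rec.get("message", "")
        if rec.get("function") == "sc_update_list" and msg.startswith("reloading list"):
            current = {"start": rec["ts"], "alloc_bytes": None, "fallbacks": []}
        elif current is None:
            continue
        elif (m := ALLOC_RE.search(msg)):
            current["alloc_bytes"] = int(m.group(1))
        elif "fallback to disk db" in msg:
            current["fallbacks"].append("disk_db")
        elif "fallback to remote lookup" in msg:
            current["fallbacks"].append("remote_lookup")
        elif msg.startswith("list version:"):  # assumed end-of-reload marker
            if current["fallbacks"]:
                incidents.append(current)
            current = None
    return incidents
```
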
  • After talking to my reseller about this it seems we found the source of the problem, which is described here:
    https://community.sophos.com/products/unified-threat-management/astaroorg/f/80/t/65173

    So I changed it back to "remote lookup" for now.
    cc set http sc_local_db none
    /var/mdw/scripts/httpproxy restart
  • So, a new firmware update was released today and it tells us this...

    "We fixed an issue with POP3 mails that could occur during a pattern update as well as an issue with some GET requests in HTTP-Proxy."
    Source: UTM Up2Date 9.106 Released | Sophos Blog

    As the content filter does GET requests on http://http.00.s.sophosxl.net, can this update fix the download loop?