I'm working with astaro support but i wanted to see if anyone is getting random but often errors from astaro about connection resets or timeouts with the proxy turned on?
I'm working with astaro support but i wanted to see if anyone is getting random but often errors from astaro about connection resets or timeouts with the proxy turned on?
I'm also having the same problem. There's no point in stating URLs because this behavior is random. Content filter says: error="Connection to server timed out".
Also this seems to slow down the proxy to all users.
500 users, eDirectory SSO, content filtering, 1 profile, 2 filter assignments and two filter actions configured...
After moving to 7.1, using the proxy is actually impossible.
Timing 10 - 30 seconds to web page to download and very often we are getting the "This page cannot be found" messages.
Also the Webadmin behavior is very slow.
Eventually I had to stop using the HTTP Proxy in order to let my users the possibility to use the Internet.
Downloading, Skype and the other services seems to work fine.
This problem getting much worse when a big number of users are using the Internet.
I recently updated from 7.011 to 7.1 and I am experiencing performance issues with the proxy. I have a support request currently open and will update the board with what they have to say.
Same problem here. What I'm seeing is a massive amount of packets being dropped from my external interface going out on port 80 and 53. I'm using transparent proxy for http and also the DNS proxy.
I've now added an additional packet filter rule to allow External Interface -> Any -> Any to stop any packet loss. It seems to be okay now.
I'm going to be testing this throughout the day - mind you, if it is still painfully slow, my users will be the first to let me know!
Well even though I've gotten rid of the packet loss, it's still slow and it looks like something is max'ing out my bandwidth.
Investigating further we've done about 7GB of traffic yesterday from Firefox mirrors. The lastest release of Firefox came out yesterday and it looks like we've been having major problems with it's auto updater. This continued this morning to the point I've blocked download.mozilla.org and ftp-mozilla.netscape.com to alleviate the traffic.
I'm not sure whether this is just a coincidence the FF update came out the day I upgraded to ASG 7.1, and the FF update is broken or whether ASG is screwing with the update.
FWIW, I noticed one of the FF Update mirrors with a .jp TLD was blocked by the content filter (as unknown, I think). I don't see that using any external bandwidth though, since it's blocked.
Specifically regarding Mozilla downloads (Firefox). Their downloads seem to work on a round robin of servers. If you kick off a download, and it's slow, stop it and kick it off again until you get to a local server that gives you decent performance for the download. Each time you start it, you'll probably be on a different server. Some of them are simply very slow, and some quite fast.
Yep that's what happened, eganders. I initially blocked ftp-mozilla.netscape.com thinking there was a problem downloading the update from their site, and the clients switched to another site which I left running over night hoping it would sort itself out.
Nope, no love. I had to block the download.mozilla.org domain to it couldn't find another mirror.
Hi all , is not a mozilla-servers problem but is the new HTTP-Proxy that have a lot of problems. There are same missconfigurations among the net-conf and the net-filter files due the kernel can't dialog with them. We must wait the next update and take the Proxy stopped at this moment ---and NOT any-any-any in the packet filter rules. in this way you can do everything without the firewall---.
The problem seems to be the HTTP and DNS proxies (haven't tried the generic); I was getting dropped packets on both http and dns ports.
Note: I didn't set a filter for any-any-any. The source is the external IP address, externalIP-any-any. Granted the services should really be just http(s) and dns though.
Can you please login to your ASG, and provide the output of the 'top' command when there are a lot of users are using the proxy? What do you have configured regarding caching/virus scanning in the HTTP Proxy?
Can you please login to your ASG, and provide the output of the 'top' command when there are a lot of users are using the proxy? What do you have configured regarding caching/virus scanning in the HTTP Proxy?
