I'm working with astaro support but i wanted to see if anyone is getting random but often errors from astaro about connection resets or timeouts with the proxy turned on?
I'm working with astaro support but i wanted to see if anyone is getting random but often errors from astaro about connection resets or timeouts with the proxy turned on?
I'm also having the same problem. There's no point in stating URLs because this behavior is random. Content filter says: error="Connection to server timed out".
Also this seems to slow down the proxy to all users.
500 users, eDirectory SSO, content filtering, 1 profile, 2 filter assignments and two filter actions configured...
After moving to 7.1, using the proxy is actually impossible.
Timing 10 - 30 seconds to web page to download and very often we are getting the "This page cannot be found" messages.
Also the Webadmin behavior is very slow.
Eventually I had to stop using the HTTP Proxy in order to let my users the possibility to use the Internet.
Downloading, Skype and the other services seems to work fine.
This problem getting much worse when a big number of users are using the Internet.
I have the same problem:-) The Astaro box fails a up2date prefetch and then the html proxy fails - no web browsing is possible without rebooting the ASG box.
Above is the last log entry I see when a download fails. I've tcpdump'd traffic and sniffed the public nic when troubleshooting, and all a see is the packets stop. No RST flags, no DF, nothing out of the ordinary that I can tell.
We run 6 ASG525's in a cluster (one's dead currently). Any insight would be wonderful. Thanks
Having the same issue with timeouts in 7.101 as the previous posters. Oddly enough my bandwidth skyrockets when the timeouts start to happen to often. Looking into this issue with support and the ISP. Has anybody seen inbound bandwidth peg up completely with the inbound address's coming from AKAMI's network?
The Akamai traffic is usually some software updater, such as the Adobe Acrobat updater.
Barry
The timeouts are pretty random. But this AKAMAI issue is something else, I did notice that most of the offending address' are on that net. Doing further research shows AKAMAI provides bandwidth and services for many of the common internet services and companies we all use. I think my client is getting DOS attacks..
The ASG220 is dropping the packets as it should. My servers are not affected, but my bandwidth gets consumed when the event happens. I am filing an abuse form with Akamai today. More when I know...
I had the same issue with 7.101 and not able to access cdw.com using the Web Proxy. I am using a PPPoE connection with Verizon DSL, and had no problems with the NetGear FVS328 that I replaced with the Astaro 7.101. I opened a ticket with Astaro support and they came up with the following solution :
Login to the console :
#sysctl -w net.ipv4.tcp_timestamps=0
To set this permanently, edit /etc/sysctl.conf and add the following to the end :
net.ipv4.tcp_timestamps = 0
Support did say this would create problems with some web sites, but I have been running it like this for two weeks and users haven't complained yet. [:)]
I had the same issue with 7.101 and not able to access cdw.com using the Web Proxy. I am using a PPPoE connection with Verizon DSL, and had no problems with the NetGear FVS328 that I replaced with the Astaro 7.101. I opened a ticket with Astaro support and they came up with the following solution :
Login to the console :
#sysctl -w net.ipv4.tcp_timestamps=0
To set this permanently, edit /etc/sysctl.conf and add the following to the end :
net.ipv4.tcp_timestamps = 0
Support did say this would create problems with some web sites, but I have been running it like this for two weeks and users haven't complained yet. [:)]
