Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
Firmware version: 9.601-5 and before
I have had "general" slow responses on the WebAdmin website, and the recent update seemed to slow things down even more with timeouts etc... possibly a loopback effect?
I also have a throttle on QoS "Download Throttle" on HTTP and I found a huge improvement turning off the Throttle... obviously not the fix I wanted.
So the fix...
Web Protection > Filtering Options > Misc : Transparent Mode SkiplistAdd the domain name/IP of your WebAdmin to "Skip Transparent Mode Destination Hosts/Nets" and "Apply"
Give the UTM a bit of time to warmup and I'm sure you'll notice a performance improvement .
I would wonder if this workaround works, as the skiplist is for transparent mode of the web proxy, where port 4444 isn't intercepted or touched by the web proxy anyway. And in standard mode the skiplist is ignored and port 4444 isn't in the default (port) list for the proxy too.
I assume your issue is relates to sth. different.
QoS only might in best case affect WA, if it's wrong configured from the bandwidth to calculate or if the uplink is going near to saturated.
Other possible cause might be DoS protection, if active, but if I remember right, critical system services used to be excluded from IPS, QoS and DoS protection in UTM, just to avoid breaking of critical device services by user configuration.
A common cause is, that the box for some reason is under heavy load making WA inresponsive.
After QoS or DoS changes there also shouldn't be a "warmup time". A applied config change works or works not....without delay....
In reply to SaschaParis:
Yes this workaround works, I wouldn't waste my time otherwise sharing the info :)Changes were not made to QoS or DoS.... QoS was fine and not saturated and neither was the box under a heavy load.I dropped using port 4444 years ago, I cant say it was ever an issue in the past. The issue is related to something different? ... possibly?I've been using this product long enough to know, nothing is instantaneous... any changes often need 3 or 4 minutes for everything to settle.
Thanks for the tip. It works for me. My RAM also drop from hovering 80% to around 65%.
Your solution is good for users that have changed the HTTPS port back to 443and are in Transparent.
I confirm that using the Proxy with any UTM is a problem. I use Standard mode and skip the Proxy for all of my clients in 'LAN Settings' [Advanced].
Cheers - Bob