Poor performance & timeouts after 9.703

I've seen problems with the Web Protection after updating to 9.703 on at least two UTMs, where intermittently websites will not load irrespective of client device or browser.  Turning the Web Protection off solves the problem immediately.  The fault is not consistent, and often the Web Protection will work fine for a few hours before stopping again. 

I've reviewed the Web Protection log and there is nothing in there that would indicate why it's preventing simple pages (like www.google.com) from loading.  The Web Protection config:

  • Transparent Mode
  • HTTPS - URL filtering only
  • Allow all except suspicious websites
  • AV scanning single engine; block PUA
  • The policy check indicates that the sites should load OK

My only fix so far is to disable Web Protection at a couple of sites to restore reliable web browsing.   Is anyone else experiencing this? 

  • Do you see anything relevant in the Firewall or Intrusion Prevention log?

    Cheers - Bob

  • Hi Charlie E,

    Thank you for reaching out to the Community! 

    Have you noticed CPU or memory spikes during the time users experience this issue? Do you use internal DNS servers?

    Could you please confirm the configured AV engine?

    Could you also provide the websites that you have bypassed that restored reliable web browsing? 

    Thanks,

  • Hi Charlie E,

    Could you please PM me the support access id from your firewall for further investigation? 

    Follow this KBA: Sophos UTM: How to grant access to Support using Support Access Management.

    Thanks,

  • In reply to H_Patel:

    Hi Balfson,

    I haven't seen anything related in the Firewall or IPS.  I'll turn the Web Protection back on and check again today. 

    H_Patel,

    I'll have to check the resource usage but I don't remember noticing it on either device.  I don't use internal DNS at either site - both are pointing to Cloudflare.  The AV engine is Sophos, and finally, I've actually had to disable Web Protection as the site bypass function wouldn't have been practical (even things like google.com wouldn't load in the browser). 

    I'll see if I can configure support access later today.  I'll need to get permission from one of the site owners. 

  • In reply to Charlie E:

    Hi Charlie E,

    If you have a support case already open for this issue, please provide the case ID as well as the support access ID.

    Thanks,