extramly slow performance of Sophos XG web proxy after migration

Hallo all,

I replaced the web proxy from Barracuda to Sophos XG yesterday,   I follow the solution of this link https://community.sophos.com/kb/en-us/123522,  our network have different zone,   the gateway for all zone is Cisco ASA firewall,  the Sophos XG is in the zone DMZ as web and email proxy,   I use the same IP and Port of old Proxy (Barracuda),  because we don't want to change the Proxy configuration on every PC.   now I meet a critical problem,   the web performance is very slow after I replace web proxy from Barracuda to Sophos XG,  in the past,  the user can open a web page without any delay,   but now the user have to wait 5-10 second to open a web page,    I try to disable the IPS and WEB POLICY ,  but still same .   when I use chrome,   I can see the message on the bottom " waiting for proxy tunnel...."  when the page is loading,   I confirmed the auto search proxy is disable on browers .   I made an another test, put the Barracuda web protection online again ,  then change the proxy server to Barracuda IP on PC's browers,  user can open web page immediately.   it seems that Sophos XG has problem ,  who can help me to solve this issue,  I am really appreciate your help.

  • Hi,

    how do the users get to the XG?

    Possible the issue is the way your DNS is setup? The XG needs to be in the DNS path.

    Ian

  • In reply to rfcat_vk:

    Such deployments could also cause a Routing issue. 

    Please investigate the Proxy log with proxy debug enabled. 

    https://community.sophos.com/kb/en-us/132211

     

    Proxy debug: 

    service awarrenhttp:debug -ds nosync 

     

    (Same command to disable the proxy debug). 

     

    /log/awarrenhttp_access.log should show something.

    Can you post some entries? There should be a time reference for each request. 

  • In reply to rfcat_vk:

    all the user's browser  has been configured Proxy server (here is Sophos IP)  by GPO,   the client can reach the Sophos.