We'd love to hear about it! Click here to go to the product suggestion community
There are many posts concerning this same symptom however nearly all have centered on proper DNS settings and ensuring the the Web Polices are configured properly. The issue I am experiencing does not appear to relate to any of those I have found because my testing utilizes: (1) The recommended DNS settings; and (2) Bare bones config that does not filter anything.
This issue makes the XG unusable in my particular environment and if left unresolved, the XG will be pulled from service.
As mentioned above, I ensured that my testing included the fixes I was able to find in the other posts discussing this symptom. A summary of the pertinent points follows:
Despite all of the above config and testing, the slow page load times persist whenever the Web Policy is set in the FW rule. Making the single change of removing the Web Policy from the FW rule immediately restores the page load times to what they are as if the XG was not even in the network - i.e. sub 3-5s.
Interesting Point: The actual throughput performance is NOT affected - only web page load times. I have performed literally hundreds of throughout tests using Speedtest and DSL Reports - all run great once the page loads thereby reinforcing the idea that there is some flow inspection issue going on here.
In reply to Gavin Ramm:
OK - good to know - also, can I ask which XG version you are running?
In reply to cyberzeus:
this problem was solved?Kindly regards.
In reply to Bruno Ramos:
I see this too. Any updates?
In reply to Jelle:
After last update, problem was solved
It has been a while since I first reported this issue but I can confirm that this does work much better for me now.
The SFOS has been upgraded since I initially reported the issue (17.0.6 MR-6 now vs. 17.0.0 GA with the initial report) and while my config is a little different than the initial setup, I can say that I've had Web Policies configured for a while and page loads have been very fast. Literally no degradation when compared to a no Web Policy config.
In addition, I moved my DNS into the XG rather than having my endpoints go out to external DNS (i.e. Google).
So, from my perspective, this is resolved.