Websites load slowly or not at all without Web-Proxy


we have the problem that in general all websites load slowly and many others do not load at all. We use version 19 (SFV4C6 / 19.0.0-B317) as VM in Hyper-V.

Here are some examples of websites that cannot be accessed at all:

The basic problems (e.g. DNS or WAN-Connection) can definitely be ruled out. We spent several hours with the Support of Sophos and they desperately adjusted all the options. We were then told that we must enable in a rule the "Use web proxy instead of DPI engine" option for HTTP & HTTPS-Connections.

But that doesn't make any sense to us at all. Why do we have to enable the old web proxy to be able to access websites quickly and generally? There must be a way to access websites (HTTP/HTTPS) without web filtering. The other question is why the problems also exist with the DPI-Engine and only the old web proxy works reliably.

As mentioned above, after activating the following options, all websites can be loaded without problems and also at a good speed:

  • Use web proxy instead of DPI engine > Active
  • Web-Policy > Any (e.g. Allow All)

Maybe someone can help us or explain the background.


Edited TAGs
[edited by: emmosophos at 6:25 PM (GMT -7) on 23 May 2022]
  • Hi,

    the web proxy is used if you want full policy scanning.and the DPI engine does not as of the current version scan UDP traffic. In the web settings do you have any boxes ticked, if so you will be using the web proxy.

    Icloud will need exceptions enabled along with all the other apple sites.


    XG115W - v19 GA - Home

    1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.

    If a post solves your question please use the 'Verify Answer' button.

  • This. Are there any TLS decryption rules in effect? If so, do is there an earlier rule that forces no decryption for the Sophos-maintained list? (And also your hand-curated list.The very first thing I look at when a website fails is if it showed up as decrypted in the TLS logs.

Reply Children