
Using ISO for 9.5 or above causes non-proxy web traffic to be dropped/slowed after the virus definitions are loaded the first time

So, I thought I was taking crazy pills, but after much testing, for UTM home, if I use a 9.5 ISO or higher, web traffic will not flow properly unless it is through the proxy.

Steps to reproduce:

  1. Use software appliance ISO for any version of 9.5 or higher
  2. Install new installation
  3. Upload home license
  4. Do not restore from backup
  5. When doing setup, do not enable web proxy, IPS, or anything.
  6. On login, disable automatic pattern updates.
  7. Add a firewall rule for all internal to any
  8. Do a speed test at dslreports/speedtest (everything will be ok here)
  9. Next update the virus patterns
  10. Reboot firewall
  11. Do the same speed test.  You will not get past 20 Mbps, and if you do, it will be interrupted or not perform as expected
  12. Now enable the web proxy in transparent mode
  13. Do the same speed test.  You will get the same perfect results you got in step 8.
  14. Now add the device you are testing to the transparent skip list
  15. Do the speed test.  You will get the results from step 11, not breaking 20 Mbps, and some websites will not load for strange reasons

At this point, until you wipe the device again, there is no setting you can make that will make throughput match the expected value unless you use the proxy.  On top of that, some services just can't work anymore.  The prime example is the Blizzard PC client.

After working with this family of products for 10 years, I have to say this is the worst thing I have ever seen (except when a virus update bricked my device in v7 days).

I have tested on dedicated hardware and in Hyper-V with Intel NICs.  Using a 9.3 ISO does not cause the problem.  However, when I applied the updates to the latest, the dedicated hardware had strange issues with new devices added to the transparent skip list.  The Hyper-V seemed to work as expected, so it is anyone's guess what is happening here.

Things I have tried:

  • Hitting it with a hammer
  • Countless rules
  • Switching hardware platforms
  • Countless web filtering rules
  • Swapping virus engines
  • Too many other things

The first symptoms I had were when I updated my 9.4 home installation to 9.5.  Blizzard stopped working, so I added my PC to the transparent skip list.  All of a sudden I couldn't get lots of random sites to load (they get DNS errors).  It is just really, really strange.  Below is a snapshot of the speed test histories through many configs, installs and tests.


