Slow access to AWS buckets with UTM & Application Control


I'm running a dual SG330 V 9.706-9 in HA (failover).

We have a vendor supplied application that records and updates vital records. As part of the system you upload various scanned files, usually in .tif format. 

When you upload, it then shows an image of the document. The vendor is storing the documents in what looks to be an Amazon S3 bucket.

The file has a format like

The nnnn looks to be a random number the software generates. The xxx-abe-xyz. refer to us. When the file finally downloads it is a image2345.tif 

Anyway, the response time to either view an uploaded document or view a document on an already uploaded case is terrible. 

If I retrieve a file outside the Sophos UTM, the download is virtually instant. This test was conducted using our ISP, just outside the Sophos UTM The files are usually around 150KB or so. Inside it can take a minute or more to view a file. 

I tried all kinds of things in the SG - Nothing I tried in the web protection (bypassing scanning, caching, etc.) was of any help. Turning off web protection made no difference. 

I finally tried turning off Application Control, and voila, nearly instant download. I turned Application Control back on and put Amazon Web Services in the allowed applications, made no difference. On the advanced tab I added the to the "ship Hosts/Nets section, and again. made no difference.

The only way I could find to get the downloads from the AWS to work with any speed was to turn off the Application Control under the network visibility. 

Note that with it on, the files do eventually download, but are VERY slow - on the order of 100's of bits/second. With application control on, the download is nearly instant. 

The box doesn't seem over taxed, CPU 5-6%, memory 25%. Our primary internet is a 200M/200M fiber connection, and that's not swamped. 

Any ideas? I don't want to leave the Application control off for too long, but that is the only way I can find to have the app work.

Note that the vendor was previously hosting the files on their own server farm, and it worked fine then. When they put the files on the S3 is when the problems seemed to have started. Other entities using the same service don't seem to be having the problem. but guessing maybe they don't have quite the security appliance we have.

OK Learned Minds!! Ideas on getting it to work properly with Application Control turned on?


John S. 

  • Hey John,

    What do you see in the AppCtrl log when this happens?  In the Web Filtering log?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA