All-
I am in the process of removing the cable boxes in my home replacing them with a two Roku devices. In the course of this activity I discovered adding the Roku devices(network group) to the transparent skiplist ( web protection>filtering options>misc>transparent mode skip list>skip transparent mode source and check the box allow http/s traffic for listed hosts/nets) resulted in unusual slowness while enguaged in loading a number channels. Netflix and youtube tv were the most affected. Initially as a work around I used a masquerade rule roku devices group>external wan. The masquerade rule worked very well performace wise. However the firewall log grew to a huge size filling with RST logging from the Roku devices. Today allowed time to investigate further and provided a clear answer. In my case I am using both the web proxy and application control. What I discovered is that one must also add the Roku devices to the application control skip hosts/nets (web protection>application control>advanced>skip hosts/nets). Additionally I have an exception in the IPS skipping all checks from the Roku devices>and going to these destinations>any (network protection>intrusion prevention>exceptions). I removed the masqerade rule and one fire allowing the Ruku devices to go out on ports 80 443. Given there was a masqerade rule in place the firewall rule was likely not needed. By following the above noted step performance was equal to or better then using a masquerade rule and completely absent of any RST loggin issues. I supect I am not seeing any logging related to the Roku devices is because the web proxy handles logging differently than firewall rules. Either way I now am experiencing very good performance absents of issues. My hope is my quest will help another who has experienced this issue.
Thanks,
Jim
This thread was automatically locked due to age.