This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web filtering kills the speed of an AWS RDS application

I am having an issue with Web Filtering and an RDS application hosted in AWS on a UTM9 SG105 with Firmware version 9.210-20. I added everything I could find for AWS servers and IPs into a whitelist exception, but whenever I turn Web Filtering back on their application starts to crawl. Times basically double for all actions. Is there any specific settings I need to enable in web filtering to make it exclude all RDS applications from scanning?

This thread was automatically locked due to age.

Parents

0 Scott_Klassen over 9 years ago

is there a way to assign more resources on the UTM so Web Filtering so that it processes faster
No, it's not possible to manually assign resource allocation, except by disabling features and/or optimizing settings for efficiency (reordering rules or reducing size of lists, as examples).

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Scott_Klassen over 9 years ago

is there a way to assign more resources on the UTM so Web Filtering so that it processes faster
No, it's not possible to manually assign resource allocation, except by disabling features and/or optimizing settings for efficiency (reordering rules or reducing size of lists, as examples).

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BrucekConvergent over 9 years ago in reply to Scott_Klassen

So... it sounds like you are using the Web Proxy in transparent mode.  I have no doubt it is affecting your access.

Since the IP behind the FQDN you have listed no doubt changes time to time (most AWS services do), one fix I would normally implement in your case would not work (at least not forever) -- you could place that IP or host definition in the Transparent Skiplist in the advanced configuration of the web filter; this would make the https traffic to that host travel unmolested (as if the web filter is not there at all) directly to Amazon.

A more permanent fix:  switch from transparent mode proxy to Standard mode -- configure proxy settings on your PCs, etc. (or use a PAC file), with a bypass rule set to not send any traffic going to your RDS URL via the proxy.

Other option:  place the RDS in a VPC, and use your UTM to establish a VPC tunnel to it... exclude the VPC subnet(s) from use in the proxy.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel