Hi folks,
I noticed that some pages are very slow since the upgrade to UTM 9.352-6. Don't know if this has to do with the upgrade.
But today I also noticed many blocked packets from external hosts in the overview tab of "Network Protection". I did some investigation and found out that these blocked packets are answers to HTTP requests, which are processed by the transparent WebProxy. One of the blocked hosts is https-178-79-242-217.fra.llnw.net, which is used by "Sophos Mobile Security" on my mobile phone.
I can see the HTTP requests from "Sophos Mobile Security" in the web proxy log, which are not blocked:
2016:01:10-12:33:02 jasnet httpproxy[3184]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.20" dstip="178.79.242.217" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffJasneWebfiActio (Default)" size="225" request="0xdf687800" url="d1.sophosupd.com/.../sdds.smsec_version.xml" referer="" error="" authtime="0" dnstime="1" cattime="29699" avscantime="2694" fullreqtime="1034871" device="0" auth="0" ua="Dalvik/2.1.0 (Linux; U; Android 5.1.1; xxxxx)" exceptions="" category="105" reputation="trusted" categoryname="Business" application="sophupda" app-id="794" content-type="text/xml"
And I can also see the HTTP answer from 178.79.242.217 in the firewall log, which is blocked (because it doesn't know this connection):
12:33:03 Default DROP TCP 178.79.242.217 : 80 → 192.168.10.20 : 47123 [RST] len=40 ttl=64 tos=0x00 srcmac=xxx
This also happened to some other sites/servers and clients. I think this is not normal behaviour, and it could be responsible for the slow websites.
Does anyone have the same problem? What should I do?
Thank you!
Jas
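The correlation described in the post, as an added example that is not part of the original post or of any Sophos tooling: it matches firewall drops to web proxy "pass" entries by client/server IP pair and time, so the TCP flags of each matched drop can be reviewed separately from unrelated drops. The log layouts are assumed from the two excerpts in the post; the second firewall line and the 5-second window are constructed for illustration.

```python
import re
from datetime import datetime

# Sample input built from the post's excerpts (proxy line shortened).
PROXY_LOG = [
    '2016:01:10-12:33:02 jasnet httpproxy[3184]: id="0001" name="http access" '
    'action="pass" method="GET" srcip="192.168.10.20" dstip="178.79.242.217" '
    'statuscode="200" fullreqtime="1034871"',
]
FIREWALL_LOG = [
    "12:33:03 Default DROP TCP 178.79.242.217 : 80 → 192.168.10.20 : 47123 [RST] len=40",
    # Constructed line: a drop with no matching proxy request.
    "12:40:10 Default DROP TCP 203.0.113.9 : 80 → 192.168.10.20 : 50000 [SYN] len=60",
]

KV = re.compile(r'([\w-]+)="([^"]*)"')
FW = re.compile(r"^(\d\d):(\d\d):(\d\d) \S+ DROP TCP (\S+) : (\d+) (?:→|->) "
                r"(\S+) : (\d+) \[([^\]]+)\]")

def parse_proxy(line):
    """Return (seconds since midnight, client IP, server IP) for a pass entry, else None."""
    fields = dict(KV.findall(line))
    if fields.get("action") != "pass" or not {"srcip", "dstip"} <= fields.keys():
        return None
    ts = datetime.strptime(line[:19], "%Y:%m:%d-%H:%M:%S")
    return ts.hour * 3600 + ts.minute * 60 + ts.second, fields["srcip"], fields["dstip"]

def parse_drop(line):
    """Return (seconds since midnight, src, sport, dst, dport, flags), else None."""
    m = FW.match(line)
    if not m:
        return None
    h, mi, s, src, sport, dst, dport, flags = m.groups()
    return int(h) * 3600 + int(mi) * 60 + int(s), src, int(sport), dst, int(dport), flags

def correlate(proxy_lines, fw_lines, window=5):
    """Split drops into those seen within `window` s after a proxied request, and the rest."""
    # The firewall excerpt carries only a time of day, so both logs must cover the same day.
    requests = [p for p in map(parse_proxy, proxy_lines) if p]
    matched, unmatched = [], []
    for drop in filter(None, map(parse_drop, fw_lines)):
        t, src, _, dst, _, _ = drop
        # The reply travels server -> client, so the IP pair is reversed vs. the proxy entry.
        hit = any(c == dst and s == src and 0 <= t - rt <= window for rt, c, s in requests)
        (matched if hit else unmatched).append(drop)
    return matched, unmatched

if __name__ == "__main__":
    matched, unmatched = correlate(PROXY_LOG, FIREWALL_LOG)
    for t, src, sport, dst, dport, flags in matched:
        print(f"drop follows proxied request: {src}:{sport} -> {dst}:{dport} [{flags}]")
    print(f"{len(unmatched)} drop(s) with no matching proxy request")
```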