This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web filtering issues since 9.4 update, home license and box, HTTPS traffic

Hey all,

I wonder if anyone else is experiencing similar issues since last upgrade to 9.402-7.

Simply on many sites with HTTPS i have long delay when opening the site, sometimes it just time outs, often it says that DNS could not resolve it, and sometimes site loads in broken state (parts missing, distorted etc). It seems to be like that for 2-3 refreshes than it eventually loads. It happens for many different site on 3 different computers in my household and common thing is that we use Chrome. But when I disable Web Filtering on the UTM it all magically starts working quickly and with no problems?...

Is there a known problem with Web Filtering or there is configuration change somewhere I am not aware of?

Any help would be appreciated.



This thread was automatically locked due to age.
Parents
  • I need some details on your configuration, such as.

    1 - DNS Settings.

    2 - Web Filtering settings, items such as pharming protection, HTTPS scanning.

    Is the DNS error a browser error, or a UTM error?

    Tim Grantham

    Enterprise Architect & Business owner

  • Hi,

    LAN uses UTM as DNS. UTM passes queries to DNS group which contains 2 servers.

    Web Filtering uses Transparent Mode, HTTPS is not scanned in Transparent Mode (option not ticked). "Pharming protection"? First time heard here. What is it, where is it? Is it something new in 9.4?

    Also the whole point is that it is all gone when web filtering is turned off. Secondly The setup has been working correctly for around 1.5 year. It started after I upgraded to 9.4 few days ago. It is NOT just DNS, it is about slow loading sites, where parts of them are missing longer, or need refreshing, sometimes many times. Distinctive is message which seems to sit in Chrome status bar for long time "Establishing secure connection" while loading the page. It might be misleading though, as it could be for example Sophos page classification in the background stalling or anything else.

    Thanks.

  • Hello All,

    I found a problem :)

    So it is mentioned above "Pharming protection". I found it now. It is something new in 9.4 isn't it? It was turned on and I dont remember it at all. Anyway, turning it off fixed my issue. 

    This begs a question. Is it this thing working correctly? Does anyone else report similar problems with it? Were there any problems with it at development stage? Why is it on by default at firmware upgrade stage...?

  • How is your DNS configuration - are you using DNSSEC validation?  I've noticed that if a DNS server doesn't support DNSSEC then the Pharming protection can cause these kind of issues.

    Tim Grantham

    Enterprise Architect & Business owner

  • Well, nope. I don't use DNSSEC validation. 

    Again, to confirm that disabling "Pharming" sorted out the problem. It is a new thing, and there is even no entry for it in online help.

Reply Children
No Data