Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 8565 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filtering possibly causing Outlook 2013 Freezing?

MichaelAllison

Hi All,

Our setup is as follows...

Sophos UTM9, Firmware 9.355-1, Pattern version 104045, running in 3 data centers in HA pairs.

Citrix Xenapp 6 (via PVS)

Office 2013

Exchange 2010 SP3

Windows 2008 R2

ESX 5.1

Issue:

We currently have users reporting Outlook 2013 freezing whilst performing random tasks: EG: Clicking between E-mails, Sending e-mails, clicking between folders.
I'm currently troubleshooting these issues and have gone through all Exchange related logs, PVS logs, Windows EVT logs, Storage SAN logs and cannot find any performance issues or errors that may lead to Outlook 2013 freezing.

I've been having a look at the Sophos HTTP logs over the past few days and have noticed that during these times of freeze I can see the "fullreqtime" range from 0.1 - 1 second during normal operation up to 60-120 seconds during the freeze period. 

I'm trying to rule out Sophos as being the issue so I was wondering if anyone could shed some light on this high request times? Are these normal and nothing to be worried about?

Server Name, Username, Domain and Source IP changed.

2016:06:27-16:46:14 SophosServer httpproxy[5791]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="InternalCitrixServer" dstip="23.99.121.207" user="CitrixUser" ad_domain="DummyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_ACC_GBL_e4e53128d9dc4c95abbd39f69146f21af21a (Allow - All sites except global blacklist)" size="5975" request="0xa0656000" url="nexus.officeapps.live.com/" referer="" error="" authtime="1386" dnstime="4" cattime="111" avscantime="0" fullreqtime="122577212" device="0" auth="2" ua="" exceptions="" category="172" reputation="neutral" categoryname="Interactive Web Applications"

2016:06:27-16:46:22 SophosServer httpproxy[5791]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="InternalCitrixServer" dstip="23.99.121.207" user="CitrixUser" ad_domain="DummyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_ACC_GBL_e4e53128d9dc4c95abbd39f69146f21af21a (Allow - All sites except global blacklist)" size="5261" request="0xc4e96000" url="nexus.officeapps.live.com/" referer="" error="" authtime="1245" dnstime="7" cattime="126" avscantime="0" fullreqtime="118911858" device="0" auth="2" ua="" exceptions="" category="172" reputation="neutral" categoryname="Interactive Web Applications"

2016:06:27-16:46:24 SophosServer httpproxy[5791]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="InternalCitrixServer" dstip="54.209.181.94" user="CitrixUser" ad_domain="DummyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_ACC_GBL_e4e53128d9dc4c95abbd39f69146f21af21a (Allow - All sites except global blacklist)" size="12018" request="0x297e8800" url="p13nlog.dz.optimizely.com/" referer="" error="" authtime="1207" dnstime="4" cattime="212" avscantime="0" fullreqtime="150236808" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"

2016:06:27-16:46:24 SophosServer httpproxy[5791]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="InternalCitrixServer" dstip="50.19.81.3" user="CitrixUser" ad_domain="DummyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_ACC_GBL_e4e53128d9dc4c95abbd39f69146f21af21a (Allow - All sites except global blacklist)" size="2632" request="0x93117800" url="304207300.log.optimizely.com/" referer="" error="" authtime="1505" dnstime="5" cattime="508" avscantime="0" fullreqtime="119229610" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"

2016:06:27-16:46:25 SophosServer httpproxy[5791]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="InternalCitrixServer" dstip="54.175.153.223" user="CitrixUser" ad_domain="DummyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_ACC_GBL_e4e53128d9dc4c95abbd39f69146f21af21a (Allow - All sites except global blacklist)" size="3516" request="0x2812d800" url="errors.client.optimizely.com/" referer="" error="" authtime="1493" dnstime="4" cattime="83" avscantime="0" fullreqtime="119603094" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"



This thread was automatically locked due to age.
Parents
  • 0

    Hi, Michael, and welcome to the UTM Community!

    Our standard practice is to configure so that users skip the Proxy for local accesses.  This is what most everyone does, so you probably won't find anyone that can give you a definitive answer whether the cause is the proxy.  Does the problem go away when the Proxy is skipped?

    With very high fullreqtime numbers like those, it's an indication that the server doesn't "like" the Proxy or that there are network problems (an Ethernet broadcast storm, a failing switch, etc.).

    Please let us know your results.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    We have all our internal servers and Exchange servers on the proxy bypass list already, but I'm a bit confused about the external office sites that Office is trying to connect to with the high process times, is this normal?

Reply Children
  • 0 in reply to MichaelAllison

    I see that I read your earlier post too fast.  I wonder if this isn't a phenomenon unique to Office 365 access from a Citrix session.  What happens when you try an access directly from a PC?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    The Office 2013 install is completely local, we're not using 365 currently but it seems that Outlook is still trying to speak to the outside world to resolve URLs.

    I'll try to bypass the proxy completely for a few users and will see how I go.

    Cheers,

    Michael.

Unfiltered HTML