This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Automatic proxy config very slow

Revan over 8 years ago

Hello,

we recently changed our UTM from an ASG220 to a virtual appliance.

Almost everything is working as expected besides the automatic proxy configuration via wpad.

It works fine when i set the proxy manually in the browser.

When i change to wpad the browsers need about 20-30 seconds before they start to load a website.

Webfilter log doesn`t show anything blocked.

I tried to made the wpad available over an IIS or directly in the UTM, both variants showed the same delay before the websites began to load.

I can download the wpad file when i type the url in the adressfield of the browser.

How may i find out why the automatic proxy config doesn`t work as it should?

This thread was automatically locked due to age.

Parents

0 BAlfson over 8 years ago

Hi Revan,

Please share your PAC file contents with us.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 8 years ago

Hi Revan,

Please share your PAC file contents with us.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Revan over 8 years ago in reply to BAlfson

Good Morning,

of course, here it is:

function FindProxyForURL(url, host)
{
    // If the requested website is hosted within the internal network, send direct.
    var resolved_ip = dnsResolve(host);
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(resolved_ip, "10.10.10.0", "255.255.255.0") ||
        isInNet(resolved_ip, "10.10.20.0", "255.255.255.0") ||
        isInNet(resolved_ip, "192.168.32.0", "255.255.255.0") ||
        isInNet(resolved_ip, "192.168.33.0", "255.255.255.0") ||
        isInNet(resolved_ip, "127.0.0.0", "255.255.255.0"))
        return "DIRECT";

   // Set the desired proxy server for local addresses
   if (isInNet(myIpAddress(), "10.10.10.0", "255.255.255.0"))
         {return "PROXY 10.10.0.10:8080" ;}
   if (isInNet(myIpAddress(), "10.10.20.0", "255.255.255.0"))
         {return "PROXY 10.10.0.10:8080" ;}
   if (isInNet(myIpAddress(), "192.168.32.0", "255.255.255.0"))
         {return "PROXY 10.10.0.10:8080" ;}
   if (isInNet(myIpAddress(), "192.168.33.0", "255.255.255.0"))
         {return "PROXY 10.10.0.10:8080" ;}
   if (isInNet(myIpAddress(), "192.168.198.0", "255.255.255.0"))
         {return "PROXY 10.10.0.10:8080" ;}
   if (isInNet(myIpAddress(), "192.168.200.0", "255.255.255.0"))
         {return "PROXY 10.10.0.10:8080" ;}

    // If the hostname matches or contains outlook.com or office 365.com, send direct.
    if (dnsDomainIs(host, ".outlook.com") ||
        dnsDomainIs(host, ".office365.com"))
        return "DIRECT";

   // For all other networks, set proxy
   return "PROXY 10.10.0.10:8080" ;
}

0 BAlfson over 8 years ago in reply to Revan

Maybe I'm missing something, Revan, but doesn't the "// Set the desired proxy server for local addresses" section conflict with the first one?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Revan over 8 years ago in reply to BAlfson

No, the dnsResolve(host) command describes the requested host while myIPAddress returns the source host.

Besides that, this script worked before we migrated to the new vUTM.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 8 years ago in reply to Revan

Ah yes, I didn't read closely enough. I can't see anything, Revan. Please share with us what Sophos Support has to say.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Revan over 8 years ago in reply to BAlfson

That`s a good question. i had a phonecall yesterday with our (new) partner. This one even didin`t know what a wpad file is. [:(]

Didn`t know that this is so advanced technology [^o)] that not even platinum partners can solve my problem here.

Is it possible to direct contact Sophos support without a service contract?
Cancel
Vote Up 0 Vote Down

Cancel
0 Tobi_K over 8 years ago in reply to Revan

Hey Revan,

how do you deploy your wpad.dat? DHCP, DNS, both?

Which Browser do you use?
Cancel
Vote Up 0 Vote Down

Cancel
0 Revan over 8 years ago in reply to Tobi_K

Both DHCP and DNS at IIS and UTM.

Browsers are Firefox, IE11, Edge and Vivaldi.

The Clients can download the wpad file but there is always a delay before the website begin to load of about 20-30secs and after that the requested site load very slowly.
Cancel
Vote Up 0 Vote Down

Cancel
0 Revan over 8 years ago in reply to Revan

Ok, the problem is solved.

In the End it was a faulty DNS setting that was the problem.

Fortunatly now its working again.

Thanks to Bob and Tobias for your time :D

Have a good weekend
Cancel
Vote Up 0 Vote Down

Cancel