Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 12652 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Automatic proxy config very slow

Revan

Hello,

we recently changed our UTM from an ASG220 to a virtual appliance.

Almost everything is working as expected besides the automatic proxy configuration via wpad.

It works fine when i set the proxy manually in the browser.

When i change to wpad the browsers need about 20-30 seconds before they start to load a website.

Webfilter log doesn`t show anything blocked.

I tried to made the wpad available over an IIS or directly in the UTM, both variants showed the same delay before the websites began to load.

I can download the wpad file when i type the url in the adressfield of the browser.

How may i find out why the automatic proxy config doesn`t work as it should?



This thread was automatically locked due to age.
Parents
  • 0

    Hi Revan,

    Please share your PAC file contents with us.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Good Morning,

    of course, here it is:

    function FindProxyForURL(url, host)
    {
        // If the requested website is hosted within the internal network, send direct.
        var resolved_ip = dnsResolve(host);
        if (isPlainHostName(host) ||
            shExpMatch(host, "*.local") ||
            isInNet(resolved_ip, "10.10.10.0", "255.255.255.0") ||
            isInNet(resolved_ip, "10.10.20.0", "255.255.255.0") ||
            isInNet(resolved_ip, "192.168.32.0", "255.255.255.0") ||
            isInNet(resolved_ip, "192.168.33.0", "255.255.255.0") ||
            isInNet(resolved_ip, "127.0.0.0", "255.255.255.0"))
            return "DIRECT";

       // Set the desired proxy server for local addresses
       if (isInNet(myIpAddress(), "10.10.10.0", "255.255.255.0"))
             {return "PROXY 10.10.0.10:8080" ;}
       if (isInNet(myIpAddress(), "10.10.20.0", "255.255.255.0"))
             {return "PROXY 10.10.0.10:8080" ;}
       if (isInNet(myIpAddress(), "192.168.32.0", "255.255.255.0"))
             {return "PROXY 10.10.0.10:8080" ;}
       if (isInNet(myIpAddress(), "192.168.33.0", "255.255.255.0"))
             {return "PROXY 10.10.0.10:8080" ;}
       if (isInNet(myIpAddress(), "192.168.198.0", "255.255.255.0"))
             {return "PROXY 10.10.0.10:8080" ;}
       if (isInNet(myIpAddress(), "192.168.200.0", "255.255.255.0"))
             {return "PROXY 10.10.0.10:8080" ;}

        // If the hostname matches or contains outlook.com or office 365.com, send direct.
        if (dnsDomainIs(host, ".outlook.com") ||
            dnsDomainIs(host, ".office365.com"))
            return "DIRECT";

       // For all other networks, set proxy
       return "PROXY 10.10.0.10:8080" ;
    }
  • 0 in reply to Revan

    Maybe I'm missing something, Revan, but doesn't the "// Set the desired proxy server for local addresses" section conflict with the first one?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    No, the dnsResolve(host) command describes the requested host while myIPAddress returns the source host.

    Besides that, this script worked before we migrated to the new vUTM.

Reply Children
Unfiltered HTML