Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with Web Application Firwall

Good evening,

we are using an SG 330 friewall just for Spam-/Virusfiltering auf our Mails, Remote Access with SSL-VPNand Web Application Firewall. Two of our applications are PRTG an Exhange.

SSL-VPN is working very well. Mails are not too time Crica and seem to also work well. However we see issues to access our Servers to the Web Application Firewall. The access is veeerrrrrryyy slogw. This isl related to OAW, OWA and Active Sync. Not the only cause but the most imortant of them.

The firewall itself seems not to be overloaded (Regarding Proxies, Bandwidth and CPU) and setting up another virtual SG for the Web Application frewall did not helb. It started faster but finally came to an exhaustion and End.

Waht might be the case of this? Ist there any fine and Perfomrance tuning.

 

Best regards,

Bernd



This thread was automatically locked due to age.
Parents
  • Bernd, did the link jmu provided help?

    Bernd würde kein Problem mit frankysweb.de haben, jmu - ihr seid beide in Deutschland !

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Bernd, did the link jmu provided help?

    Bernd würde kein Problem mit frankysweb.de haben, jmu - ihr seid beide in Deutschland !

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Hi,

    it was not a problem wiith the configuration of the web application firewall.

    We contacted support and after a while they tweaked the number of worker processes.

    I did not know excatly what they did and where. The Filesystem of a Sophos SG is not the same you expect from linux systems. Basically they increased the workers from 800 to 1600. This was done by increasing the processes from 16 to 32 with keeping the numbers of threads by process at 50. The CPU Load increased about 10%-15% an we see that we had a lot of more connections than 800 during the working hours (nearly 1200).

    The config is described here: httpd.apache.org/docs/2.4/en/mod/worker.html

    This can be monitored here: https://community.sophos.com/kb/en-us/123512

    Best regards,
    Bernd