we are using an SG 330 friewall just for Spam-/Virusfiltering auf our Mails, Remote Access with SSL-VPNand Web Application Firewall. Two of our applications are PRTG an Exhange.
SSL-VPN is working very well. Mails are not too time Crica and seem to also work well. However we see issues to access our Servers to the Web Application Firewall. The access is veeerrrrrryyy slogw. This isl related to OAW, OWA and Active Sync. Not the only cause but the most imortant of them.
The firewall itself seems not to be overloaded (Regarding Proxies, Bandwidth and CPU) and setting up another virtual SG for the Web Application frewall did not helb. It started faster but finally came to an exhaustion and End.
Waht might be the case of this? Ist there any fine and Perfomrance tuning.
Bernd, did the link jmu provided help?
Bernd würde kein Problem mit frankysweb.de haben, jmu - ihr seid beide in Deutschland !
Cheers - Bob
it was not a problem wiith the configuration of the web application firewall.
We contacted support and after a while they tweaked the number of worker processes.I did not know excatly what they did and where. The Filesystem of a Sophos SG is not the same you expect from linux systems. Basically they increased the workers from 800 to 1600. This was done by increasing the processes from 16 to 32 with keeping the numbers of threads by process at 50. The CPU Load increased about 10%-15% an we see that we had a lot of more connections than 800 during the working hours (nearly 1200).
The config is described here: httpd.apache.org/docs/2.4/en/mod/worker.html
This can be monitored here: https://community.sophos.com/kb/en-us/123512