
Web Application Firewall - Slow With Firewall Profile

I have a number of web applications published (websites, RDS) which work fine.

However, if I then add a firewall profile to them the page load times go up dramatically - 30 seconds or more. I've tried various settings within the firewall profiles but even with the most minimal settings the problem occurs.

Anyone know what could be causing this?


  • Hi, 

    1. I'm moving this to the WAF (WebServer Security) forum topic.

    2. Please post some entries from the WAF log from when it's slow.

    Barry
    • CTO, Convergent Information Security Solutions, LLC

      https://www.convergesecurity.com

      Sophos Platinum Partner

      --------------------------------------

      Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

      • Have a look here:  https://community.sophos.com/products/unified-threat-management/astaroorg/f/57/t/50273


        Thanks - looks like it's the same issue, as I'm getting the DNS lookup errors.

        I'll follow the other thread.
        • I'm running 9.307-6 on a UTM 220. When "block clients with bad reputation" is enabled, my WAF protected sites are EXTREMELY slow (more than 1 min) to load. If I disable "block clients with bad rep" as suggested in the above link, my sites are speedy again.

          I'm also having an issue with my WAN interfaces going into "ERROR" link state; they go down and then come back up 10+ times per day. I have uplink balancing enabled on both WAN connections. Sophos support looked into it and said it was a DNS issue and that it was on the ISP's side; however, enabling\disabling the interfaces resolves the problem. Testing outside of the UTM on the ISP's end proves no problems there.

          I suspect something is amiss with DNS here.
      • Hi, VCPAIT, and welcome to the User BB!

        Did you read the link that Bruce provided above?  Also, with your other DNS problems, you might be interested in DNS Best Practice.

        Cheers - Bob
         
        Sophos UTM Community Moderator
        Sophos Certified Architect - UTM
        Sophos Certified Engineer - XG
        Gold Solution Partner since 2005
        MediaSoft, Inc. USA