This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Application Firewall - Slow With Firewall Profile

I have a number of web applications published (websites, RDS) which work fine.

However, if I then add a firewall profile to them the page load times go up dramatically - 30 seconds or more. I've tried various settings within the firewall profiles but even with the most minimal settings the problem occurs.

Anyone know what could be causing this?

This thread was automatically locked due to age.

0 BarryG over 9 years ago

Hi,

1. I'm moving this to the WAF (WebServer Security) forum topic

2. please post some entries from the WAF log from when it's slow.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 9 years ago in reply to BarryG

Have a look here: https://community.sophos.com/products/unified-threat-management/astaroorg/f/57/t/50273

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Sophos Platinum Partner

--------------------------------------

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 jon8145 over 9 years ago in reply to BrucekConvergent

Have a look here: https://community.sophos.com/products/unified-threat-management/astaroorg/f/57/t/50273

Thanks - looks like it's the same issue as I'm getting the dns lookup errors.

I'll follow the other thread.
Cancel
Vote Up 0 Vote Down

Cancel
0 VCPAIT over 9 years ago in reply to jon8145

I'm running 9.307-6 on a UTM 220. When block clients with bad reputation is enabled my WAF protected sites are EXTREMELY slow (more than 1 min) to load. If I disable "block clients with bad rep as suggested in the above link, my sites are speedy again.

I'm also having an issue with my WAN interfaces going into "ERROR" link state, they go down and then come back up 10+ times per day. I have uplink balancing enabled on both wan connections. Sophos support looked into it said it was a DNS issue and that it was on the ISPs side however enabling\disabling the interfaces resolves the problem. Testing outside of the UTM on the ISP's end proves no problems there.

I suspect something is amiss with DNS here.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 9 years ago

Hi, VCPAIT, and welcome to the User BB!

Did you read the link that Bruce provided above? Also, with your other DNS problems, you might be interested in DNS Best Practice.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel