+ Post New Thread
Page 3 of 3 FirstFirst 123
Results 31 to 43 of 43
Internet Related/Filtering/Firewall Thread, How slow is your Smoothwall? UTM or own hardware? in Technical; Are you running a transparent proxy for your BYOD?...
  1. #31
    andyrite's Avatar
    Join Date
    Apr 2007
    Posts
    412
    Thank Post
    7
    Thanked 90 Times in 71 Posts
    Rep Power
    41
    Are you running a transparent proxy for your BYOD?

  2. #32
    lmgtfy's Avatar
    Join Date
    Feb 2010
    Posts
    255
    Thank Post
    40
    Thanked 26 Times in 22 Posts
    Rep Power
    42
    Quote Originally Posted by andyrite View Post
    Are you running a transparent proxy for your BYOD?
    Yes we are with HTTPS turned on and Redirect users to SSL login page (with session cookie)

  3. #33
    andyrite's Avatar
    Join Date
    Apr 2007
    Posts
    412
    Thank Post
    7
    Thanked 90 Times in 71 Posts
    Rep Power
    41
    Untick inspect https traffic. Does it make a difference?

  4. #34
    lmgtfy's Avatar
    Join Date
    Feb 2010
    Posts
    255
    Thank Post
    40
    Thanked 26 Times in 22 Posts
    Rep Power
    42
    @tom_newton

    After removing all of our BYOD from our Smoothwall box over half term today with less than 400 users logged into Smoothwall our load averages are still crazy high. Roughly 650% CPU for dansguardian and 100% for datastore.

    Can you confirm this is normal CPU load usage for the amount of users vs. hardware spec?

    Regards

  5. #35

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,088
    Thank Post
    402
    Thanked 618 Times in 565 Posts
    Rep Power
    180
    Quote Originally Posted by tom_newton View Post
    An upgrade. Yes. Clicky clicky, waity waity, ooh, done. Should be fun
    I'm sure the Smoothwall newsletter said it would be a new install?

  6. #36
    Gaz
    Gaz is offline

    Join Date
    Feb 2011
    Location
    Preston
    Posts
    790
    Thank Post
    136
    Thanked 66 Times in 58 Posts
    Rep Power
    19
    Quote Originally Posted by Edu-IT View Post
    I'm sure the Smoothwall newsletter said it would be a new install?
    Already asked.
    http://www.edugeek.net/forums/smooth...it-update.html

  7. #37

    Join Date
    May 2007
    Location
    Brighton
    Posts
    5
    Thank Post
    2
    Thanked 4 Times in 3 Posts
    Rep Power
    0
    We had this on one site. Turned out to be a bad (everything, everywhere for everyone) choice of HTTPS inspect rule. Once I was a bit more sensible (by selecting the groups in who rather than everyone things got much better.

  8. 2 Thanks to brougham:

    lmgtfy (5th November 2013), Willott (12th November 2013)

  9. #38
    lmgtfy's Avatar
    Join Date
    Feb 2010
    Posts
    255
    Thank Post
    40
    Thanked 26 Times in 22 Posts
    Rep Power
    42
    Quote Originally Posted by brougham View Post
    We had this on one site. Turned out to be a bad (everything, everywhere for everyone) choice of HTTPS inspect rule. Once I was a bit more sensible (by selecting the groups in who rather than everyone things got much better.
    Thanks I will certainly try this. That's the problem I'm just stabbing in the dark trying different things hopefully we will get somewhere in the end.

  10. #39

    Join Date
    Dec 2007
    Posts
    863
    Thank Post
    90
    Thanked 164 Times in 139 Posts
    Rep Power
    49
    Quote Originally Posted by Edu-IT View Post
    I'm sure the Smoothwall newsletter said it would be a new install?
    Just installed update this morning...
    http://www.edugeek.net/forums/smooth...hwall-x64.html

  11. #40
    lmgtfy's Avatar
    Join Date
    Feb 2010
    Posts
    255
    Thank Post
    40
    Thanked 26 Times in 22 Posts
    Rep Power
    42
    OMG I can't believe this after months of problems, 4 tickets, countless technicians, phone calls and remote sessions I think I have found the fix. Was reading the latest news letter November 2013 from Smoothwall and in there it had a section entitled "Force NoSSL on Google!"

    It mentions users who have been using Smoothwall HTTPS filtering which we do won't have seen any issue but you can use the Beta Google NoSSLSearch to prevent inappropriate content if you don't use HTTPS interception.

    Now this got me thinking if Google is our highest usage domain and all traffic is going through HTTPS and being decrypted and inspected for students (excluding updates, banks etc) this is going to cause a huge load as @brougham mentioned earlier. So I made a new content modification policy with the new Beta Google NoSSLSearch for everyone and all I can say is WOW, the load averages have come down from 12-13 to 3-4 this is amazing, we were considering spending 5k to solve this problem as everyone suggested it was a hardware issue. I am both annoyed and relieved that this is now sorted. I just hope support read this and can add this to their knowledgebase so other customers don't have to spend the amount of time I have fixing this for themselves.


    Capture.PNG

  12. 2 Thanks to lmgtfy:

    Willott (12th November 2013), zag (5th November 2013)

  13. #41


    AMLightfoot's Avatar
    Join Date
    Feb 2011
    Location
    Hampshire, England
    Posts
    2,087
    Thank Post
    361
    Thanked 600 Times in 383 Posts
    Rep Power
    246
    Quote Originally Posted by chrisrowlands View Post
    OMG I can't believe this after months of problems, 4 tickets, countless technicians, phone calls and remote sessions I think I have found the fix. Was reading the latest news letter November 2013 from Smoothwall and in there it had a section entitled "Force NoSSL on Google!"

    It mentions users who have been using Smoothwall HTTPS filtering which we do won't have seen any issue but you can use the Beta Google NoSSLSearch to prevent inappropriate content if you don't use HTTPS interception.

    Now this got me thinking if Google is our highest usage domain and all traffic is going through HTTPS and being decrypted and inspected for students (excluding updates, banks etc) this is going to cause a huge load as @brougham mentioned earlier. So I made a new content modification policy with the new Beta Google NoSSLSearch for everyone and all I can say is WOW, the load averages have come down from 12-13 to 3-4 this is amazing, we were considering spending 5k to solve this problem as everyone suggested it was a hardware issue. I am both annoyed and relieved that this is now sorted. I just hope support read this and can add this to their knowledgebase so other customers don't have to spend the amount of time I have fixing this for themselves.


    Capture.PNG
    Noted.

    Although I've come into this thread late, it is worth explaining a bit about that Sophos thing. Essentially, every time the client machine makes a request, Sophos intercepts the request and sends a request of its own upstream to Sophos to check that the request is 'safe' before it is passed along to the Default Gateway or Proxy. This effectively doubles or triples the number of requests made which can have a serious impact on box performance. Annoyingly Sophos won't actually TELL you what it's doing either. I had a case recently where a web page wouldn't load properly and we tried everything we could think of until I noticed the Sophos application on the client machine. We turned it off and immediately the site worked like a charm. Sophos is probably one of our biggest headaches simply because it doesn't pop up a little 'Sophos is protecting you from the big bad' so there is no way of knowing whether it is your web filter or Sophos that is interfering with a site. Additionally, Sophos will not support authentication requests so if you are running NTLM, requests will fail unless you add the Software Updates category to your auth exceptions.

    Out of curiosity, if you were to look in our knowledgebase for an article about this issue, how would you search for it? What search terms would you use?
    Last edited by AMLightfoot; 5th November 2013 at 02:29 PM.

  14. Thanks to AMLightfoot from:

    lmgtfy (5th November 2013)

  15. #42
    lmgtfy's Avatar
    Join Date
    Feb 2010
    Posts
    255
    Thank Post
    40
    Thanked 26 Times in 22 Posts
    Rep Power
    42
    Quote Originally Posted by AMLightfoot View Post
    Out of curiosity, if you were to look in our knowledgebase for an article about this issue, how would you search for it? What search terms would you use?
    Maybe "High Load average and/or Slowness" I see you have put it on already but other than that keywords maybe CPU that's about it. We did turn off the Sophos web protection for a day and it didn't seem to make much of a difference to general load averages but I can certainly see why it might effect some sites and I will bare it in mind if our smoothwall goes slow. But for the time being I am once again happy :-)

    Thanks

  16. #43

    Join Date
    Dec 2008
    Location
    Nottingham
    Posts
    572
    Thank Post
    38
    Thanked 114 Times in 104 Posts
    Rep Power
    46
    I believe that change has also made a significant difference to us as well. The other interesting thing I found was that if I put just that rule into a category group, it then doesn't show up on any policy wizards - if I add in another rule as well (or add it to an already used category group) it does and applies. May just be something odd with our Smoothy, but wondered if anyone else saw the same thing. (or whether there's a setting somewhere related to [beta] categories)

SHARE:
+ Post New Thread
Page 3 of 3 FirstFirst 123

Similar Threads

  1. How messy is your IT Room? or Server Room
    By stevenlong1985 in forum How do you do....it?
    Replies: 17
    Last Post: 11th February 2010, 02:02 PM
  2. How big is your printing budget?
    By JJonas in forum Budgets and Expenditure
    Replies: 16
    Last Post: 8th January 2009, 01:33 PM
  3. How tidy is your office?
    By pete in forum General Chat
    Replies: 41
    Last Post: 15th October 2008, 03:42 PM
  4. Notice Periods... How long is yours?
    By AshF in forum General Chat
    Replies: 25
    Last Post: 5th October 2007, 09:54 AM
  5. How big is your backup?
    By DavidB4910 in forum Wireless Networks
    Replies: 16
    Last Post: 25th May 2007, 09:14 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •