topic WSA HTTPS interception slow upload in Web Security

WSA HTTPS interception slow upload

askaerr — Tue, 21 Jun 2016 08:53:46 GMT

Hi,

Currently I'm doing a WSA project at a customer with HTTPS interception. I've noticed when doing uploads over HTTPS (fe google drive or wetransfer), the performance is very poor. Uploading a file over intercepted HTTPS goes at a rate of about 1,5Mbps. When I do the same upload (same file and same online service) without interception, it goes at about 50Mbps.

HTTP uploads and intercepted HTTPS downloads also go at normal speeds. The performance hit is present on both S380 appliances and they are currently only being used for testing (no load). I also tried disabling CDS and outbound malware scanning without results.

Has anybody seen this difference in BW for uploads over intercepted HTTPS? Should I consider it as normal?

We haven't heard the same

Tao Yang — Thu, 23 Jun 2016 01:11:53 GMT

We haven't heard the same from other customer yet. Can you please run packet capture at WSA without any filter for HTTPs decryption enable and disable one and then compare them to see if you can find any clue?

How do you authenticate users

RoadRunner4k — Wed, 29 Jun 2016 06:33:24 GMT

How do you authenticate users? and which AsyncOS version are you using? I have experienced something similar to what you see.

All HTTPS traffic was slow in our case, and this was due to authentication issues.

We're doing explicit proxy

askaerr — Wed, 29 Jun 2016 08:19:16 GMT

We're doing explicit proxy and the WSA appliances are on 9.0.1-162. Disabling authentication for a specific IP address as a test did not show any improvements.

In fact it seems we're only experiencing these issues with Google Drive. No difference is noticed (in comparison with the old non-intercepting proxy) when using wetransfer or dropbox.

I've tried comparing packet captures when doing interception and when not but can't seem to find any hints in there.

Thanks for your update. As I

Tao Yang — Wed, 29 Jun 2016 23:50:25 GMT

Thanks for your update. As I could not reproduce this issue, would you please try the following steps to narrow down this issue.

1. Disable "Decrypt for Application Detection" in HTTPs proxy settings if it is enabled.

2. Try deploying another version virtual WSA to test it again to see if it is only happening on this specific version.

Please feel free to open a new Cisco TAC case and we do provide 24x7x365 support.

Hope it helps.

Thanks for your suggestions.

askaerr — Wed, 06 Jul 2016 12:27:53 GMT

Thanks for your suggestions.

1. The "Decrypt for Application Detection" feature was disabled but no results, the upload speeds remain very slow.

2. I did not find the time yet to test with a virtual WSA on a different version but will try to do so next week.

In the meanwhile I logged a case at the Cisco PDI helpdesk (Cisco TAC did not want to take the case because it's a new setup) but no progress yet.

See the following the thread.

michaellperrin — Tue, 19 Jul 2016 17:23:44 GMT

See the following the thread.

https://supportforums.cisco.com/discussion/12485001/wsa-slowing-upload-speed-half

Thanks for the tip.

askaerr — Mon, 05 Sep 2016 12:36:46 GMT

Thanks for the tip.

I tried to disable the Data Security Policy but no change in behavior. Also upgraded to 9.1.1-074 but no difference. PDI closed the case and I"m not working with TAC to check what we can do.