Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
705
Views
0
Helpful
2
Replies

Work Queue backups on Wednesday nearly every week.

Tony Kilbarger
Beginner
Beginner

‎11-18-2015 10:10 AM

In our environment we have 4 X1060 appliances sending and receiving our internet email.  We are still on 7.6.1 on these boxes but are currently pursuing an upgrade to 680's. 

For now though because of the load on these, we are stuck on 7.6.1 for several more weeks.  The issue we have is the boxes run fine with minimal if any workqueue backups daily except on Wednesdays.  For a while it was Wednesday mornings beginning perhaps as early as 7:00 am EST but now is closer to noon.  Our 4 hosts go from averaging 200 or less messages in the workqueue to suddently 20,000 plus in the workqueue on all 4..  This usually takes a couple hours to clear and users complain of 30 minute plus latency in receiving their email.

We have beat this issue to death in our environment looking at DNS, firewalls, switches, bandwidth etc.  I have analyzed the messages coming through and find nothing unusual.  Size is average, messages per minute is normal, nothing unusual.  I don't see any indication of snowshoe spam or anyone flooding us with connections.

Is there anything that happens weekly on Wednesdays that may explain this?  Major CASE rule updates?  Virus updates?  We use CASE, SOPHOS, SBRS.   It just seems the boxes can do lett work for a couple hours on Wednesdays.

I have opened cases on this, but usually get great pushback at our old version.  We can't upgrade these hosts as we have been told the newer versions would decrease our capacity.  We are in the process of putting in 8 680's to replace these but that is several weeks away.

Thanks in advance for any ideas on this.

1 person had this problem
Labels:
0 Helpful
2 Replies 2

MARK SCHWANTJE
Beginner
Beginner

‎11-19-2015 10:05 AM

Tony,

While I hadn't noticed it previously, we ran into this issue yesterday (Wednesday) with the (3) C670's we have that are in a cluster. From approximately 7:00 am PST to 11:45 am PST, we saw a huge spike in our workqueue. We had up to approx. 7,200 messages in each of the workqueues, which caused delays of close to 25 minutes. Our appliances are running the latest and greatest version of AsyncOS: 9.7.0-125.

I checked our updater logs and didn't see any updates having taken place during these times.

0 Helpful