
SA500 ProtectLink URL Filtering

We have just enabled ProtectLink URL Filtering on our SA500.

But now all HTTP requests are slow and take AGES!! to load.

Is anyone using URL Filtering on the SA device?

(Accessed by 60+ Users)

13 REPLIES 13

Bump!


Hi Peter, naturally, if you disable ProtectLink everything works normally (I am assuming). I've heard this before.

There isn't really much of a remedy for it except trying to lower filters. As an example, for Web Threat Protection you may try to set the security level to low:

Low Blocks fewer Web threats but reduces the risk of false positives.

You may also try to set the overflow control to

Temporarily bypass URL requests

I am pretty well aware that it somewhat defeats the purpose of an active protection. But sadly, there is not much to do about this.

-Tom
Please rate helpful posts


Hi Tom,

We have set the SA to "Temporarily bypass URL requests" and "Web Threat Protection" is Disabled.

We only have the "Enable URL Filtering" enabled with just the "Adult" categories.

This shouldn't cause the internet to become unusable at times, should it?


Are you also using IPS?

-Tom
Please rate helpful posts


Yes we are using IPS

When I get back to the office I will try and disable this.

Is this a known issue??


IPS is a tax (impact) for any system.

-Tom
Please rate helpful posts


We started using ProtectLink about 3 weeks ago. We are a small shop, only 12 workstations. We noticed a ton of activity being blocked under Peer to Peer and Personal Network Storage. This huge amount of blocks seemed to task the Firewall and really slow it down. I located one machine running Dropbox. The continuous requests to connect (thousands) were a big part of the blocked activity. Shutting that down seemed to help. I still see P to P requests; I can't figure out where they are coming from.

I am not a technician, but it seems to me that as time has passed and our users have gotten used to the idea that they cannot surf at will, the blocked requests have gone down and the firewall is not as busy.  Our internet is now FASTER than before we had ProtectLink, our internet traffic is cut in half.

Does the above sound plausible?


Hi Thomas.

I have disabled IPS on the SA, but we still have the same issue here with HTTP Traffic.

Jim,

This issue is only affecting the speed of HTTP requests; we only have a select few filters enabled.

When the filtering is disabled the speed of HTTP requests is fine, so we have established that the URL filtering is causing the slowdown.


Peter,

We are using IPS and ProtectLink Web (including URL Filtering) with no issues. We are running Beta firmware (2.2.0.3_1) though. You might contact Cisco to request this firmware. There may be a newer version by now. A maintenance release is due out soon.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html


We are using F/W 2.1.71

I'm not sure if this is a firmware issue; it could be the speed these HTTP requests are sent to TrendMicro.

Unless the filtering is done locally.


It seems to us that some things have changed in 2.2.03 regarding ProtectLink.  For example, the error logging has been changed... and for the better.  A lot more informational messages are being written to the log.

They may have changed the implementation of ProtectLink as well. I haven't inquired about it. We got the Beta firmware for a totally different reason.


Bump!


Peter,

This really needs to be addressed.  As I mentioned above we are using ProtectLink Web and IPS and we don't experience any http request lag times, but we are also running Beta firmware.  Actually we are planning on deploying a newer Beta release this weekend in an attempt to fix a Verisign VIP issue.  That Beta version is 2.2.0.7.

You should really contact Cisco and open a case about this.  Perhaps the Beta firmware will address the issue?  They have made some ProtectLink enhancements (i.e. logging).  Perhaps it's a simple configuration issue on your side?  Maybe TrendMicro needs to get involved?  We really don't know until Cisco tech support gets involved.

Do you have TAC access?  Cisco Small Business support has been VERY responsive to our needs.  Just give them a call.

FYI, you can get TAC access by purchasing a 3-year maintenance support contract for your SA500 Series device. I believe it only cost us around $70. We procured it from www.cdw.com and it only took a few days to get set up. CDW and Cisco do all the setup for you. That's why it takes so long. They tie your device (by serial number) to a Cisco contract. It's quite painless and well worth the investment, IMO.

To purchase a 3-year contract and gain TAC access:

https://www.cdw.com/shop/products/Cisco-Small-Business-Service-extended-service-agreement-3-years/1843815.aspx

To contact Cisco and open a case with them over the phone:

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html