Hi Peter, naturally, if you disable the protectlink everything is working normal (I am assuming). I've heard this before.
There isn't really much of a remedy for it except trying to lower filters. As an example for Web Threat Protection you may try to set security level to low
|Low||Blocks fewer Web threats but reduces the risk of false positives.|
You may also try to set the overflow control to
Temporarily bypass URL requests
I am pretty well aware that it somewhat defeats the purpose of an active protection. But sadly, there is not much to do about this.
Please rate helpful posts
We started using ProtectLink about 3 weeks ago. We are a small shop, only 12 workstations. We noticed a ton of activity being blocked under Peer to Peer and Personal Network Storage. This huge amount of blocks seemed to task the Firewall and really slow it down. I located one machine running Drop Box. The continous requests to connect (thousands) were a big part of the blocked activity. Shutting that down seemed to help. I still see P to P requests, I can't figure out where they are coming from.
I am not a technician, but it seems to me that as time has passed and our users have gotten used to the idea that they cannot surf at will, the blocked requests have gone down and the firewall is not as busy. Our internet is now FASTER than before we had ProtectLink, our internet traffic is cut in half.
Does the above sound plausible?
I have disabled IPS on the SA, but we still have the same issue here with HTTP Traffic.
This issue is only effecting the speed of HTTP requests, we only have a select few filters enabled.
When the filtering is disabled the speed of HTTP request are fine, so we have established that the URL filtering is causing the slow down.
We are using IPS and ProtectLink Web (including URL Filtering) with no issues. We are running Beta firmware (126.96.36.199_1) though. You might contact Cisco to request this firmware. There may be a newer version by now. A maintenance release is due out soon.
It seems to us that some things have changed in 2.2.03 regarding ProtectLink. For example, the error logging has been changed... and for the better. A lot more informational messages are being written to the log.
They may have changed the implementation of ProtectLink as well. I haven't inquired about it. We got the Beta firmware for a total different reason.
This really needs to be addressed. As I mentioned above we are using ProtectLink Web and IPS and we don't experience any http request lag times, but we are also running Beta firmware. Actually we are planning on deploying a newer Beta release this weekend in an attempt to fix a Verisign VIP issue. That Beta version is 188.8.131.52.
You should really contact Cisco and open a case about this. Perhaps the Beta firmware will address the issue? They have made some ProtectLink enhancements (i.e. logging). Perhaps it's a simple configuration issue on your side? Maybe TrendMicro needs to get involved? We really don't know until Cisco tech support gets involved.
Do you have TAC access? Cisco Small Business support has been VERY responsive to our needs. Just give them a call.
FYI, you can get TAC access by purchasing a 3-year maintenance support contract for your SA500 Series device. I believe it only cost us around $70. We procured it from www.cdw.com and it only took a few days to get setup. CDW and Cisco do all the setup for you. That's why it takes so long. They tie your device (by serial number) to a Cisco contract. It's quite painless and well worth the investment, IMO.
To purchase a 3-year contract and gain TAC access:
To contact Cisco and open a case with them over the phone: