11-07-2013 01:34 PM
Hi all,
I'm testing the S100V virtual WSA on unsupported hardware (Dell PE1950, 8Gb 667MHz RAM, 3 disk RAID5 10kRPM, Dual Intel Xeon E5320 1.8GHz Procs) and I'm finding response times on many pages to be very slow. We're using forwarding so I can swap from our S170 back and forth to compare. The server specs wouldn't suggest such slow response from the S100V. Some pages take well over a minute to load while on the S170, they take less than 5 seconds. Has anyone else experienced this?
thanks,
Chris
Solved! Go to Solution.
11-08-2013 03:31 PM
Chris,
You're likely hitting defect # CSCug24726. The problem is not so much that it is virtualized. The problem lies within the version 7.7.0 code which the vWSA is based off of.
You should be able to get better performance if you enabled Adaptive Scanning together with the AVC. However, the Adaptive Scanning feature has some problems on its own so it probably won't be as fast as haviing it all turned off. But it will definitely be much better than having Adaptive Scanning disabled with AVC enabled.
Also as the defect filing suggests, you may want to review your AVC settings within the access policies. Certain categories set to BLOCK triggers this defect. If you have the time, you might want to test it a little. Enable AVC and disable Adaptive Scanning, and make sure nothing in the AVC is set to BLOCK.
-Vance
11-07-2013 04:03 PM
I too am currently testing the S100V ... I'm testing on ESXi 5.1.0 with a BL620c G7 with 512GB RAM and 20 x 2.4ghz backed to a SAN using multi levels of raid 6...
I'm personally not experincing the issues you are refering too, load times are faster on the S100V than our current ISA/Websense 7.7.
11-08-2013 05:20 AM
Thanks Jodi,
was wondering whether the virtual appliance was ready for production environments. Your performance results would suggest so. Apparently my hardware isn't up to task. Looking at the performance charts via ESXi client, the hardware doesn't appear overly taxed. I'm thinking maybe the memory and possibly Disk I/O speeds are at issue.
thanks again,
Chris
11-07-2013 11:19 PM
Can you try to disable both Adaptive Scanning and Application Visibility & Control under Security Services and try again?
11-08-2013 05:22 AM
Vance,
its been running without adaptive scanning. I've disabled App and visibility control and it definitely made a difference. Leaning towards the memory speed as the culprit.
Chris
11-08-2013 03:31 PM
Chris,
You're likely hitting defect # CSCug24726. The problem is not so much that it is virtualized. The problem lies within the version 7.7.0 code which the vWSA is based off of.
You should be able to get better performance if you enabled Adaptive Scanning together with the AVC. However, the Adaptive Scanning feature has some problems on its own so it probably won't be as fast as haviing it all turned off. But it will definitely be much better than having Adaptive Scanning disabled with AVC enabled.
Also as the defect filing suggests, you may want to review your AVC settings within the access policies. Certain categories set to BLOCK triggers this defect. If you have the time, you might want to test it a little. Enable AVC and disable Adaptive Scanning, and make sure nothing in the AVC is set to BLOCK.
-Vance
11-11-2013 05:36 AM
It appears you are correct, Vance,
I've enabled Adapting Scanning along with AVC and performance increases markedly. I searched the knowledge base for poor performance issues but this bug wasn't returned. You would think Cisco would make such defect listings easier to find. I didn't even realize there was a seperate bug search tool! Isn't that the purpose of the knowledge base? Go figure.
Thanks Vance. Big help,
Chris
11-11-2013 01:24 PM
This also looks to be fixed in 7.7.5-0194 - http://www.cisco.com/en/US/docs/security/wsa/wsa7.7.5/release_notes/WSA_7_7_5_194_Release_Notes.pdf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide