cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1123
Views
0
Helpful
3
Replies

WSA High Latency

ak_272
Beginner
Beginner

Hello to everybody !!!

 

Here is the case as simple as I can describe it.I have 4 WSA.Let's take for granted that everything else in my network has been checked and works as it should be.Sometimes during the day I experience high latency in traffic which in simple words has as a result a slow response to the Internet.I have already made an extensive research and investigation and I have conclude that it is normal because I have exceeded the recommended average of SSL traffic and as so I plan to add 2 more WSAs in my network.

I just wonder if anyone else faced the same issue and has anything else to suggest or an other solution that might work.

 

Thank you all for your time,

3 Replies 3

Ken Stieers
VIP Advisor VIP Advisor
VIP Advisor
What version are you running, and are you running AMP? And are you getting all of your alerts?

We had an issue related to AMP restarting that would do this.

There's also related issues on smaller WSAs when they get their updates. If you have 170s, or V100s, set them to get their updates less often, so you'll run into it less frequently.



All of these are better with newer builds later versions of 11.7 and the latest 11.8.






Handy Putra
Cisco Employee
Cisco Employee

Hi,

 

Latency can occurs in WSA due to multiple factors and combinations of them at the same time:

1. What WSA hardware model

2. What versions

3. What scanning engine enables in WSA (AMP, webroot, sophos, mcAfee) does it using authentication?

4. What is your RPS (request per second)?

5. What is your traffic pattern such as majority HTTPS traffic with decryptions? streaming traffic?

 

if you have a massive RPS especially during production hours with high decryptions and with all the scanning services enabled and you are running the very low end model, then this can definitely impact the performance handling the web traffic.

 

Regards

Handy Putra

assethum
Cisco Employee
Cisco Employee

Hello, 

 

Exceeding the decryption threshold on the WSA can result is overall slowness of the traffic. Since you have narrowed it down to decryption, probably you can open up a TAC case and have them check the most decrypted url's. If there are url's which you think is safe and need not be decrypted and that is actually have lot of hits , you can actually set it as passthrough. It really depends on the number of hits though. An overall health check of the WSA performance by TAC would also be good as many factors can contribute to sluggishness. 

 

Thanks

Ash 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers