cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
326
Views
0
Helpful
3
Replies
Highlighted
Beginner

WSA High Latency

Hello to everybody !!!

 

Here is the case as simple as I can describe it.I have 4 WSA.Let's take for granted that everything else in my network has been checked and works as it should be.Sometimes during the day I experience high latency in traffic which in simple words has as a result a slow response to the Internet.I have already made an extensive research and investigation and I have conclude that it is normal because I have exceeded the recommended average of SSL traffic and as so I plan to add 2 more WSAs in my network.

I just wonder if anyone else faced the same issue and has anything else to suggest or an other solution that might work.

 

Thank you all for your time,

3 REPLIES 3
Highlighted
Engager

Re: WSA High Latency

What version are you running, and are you running AMP? And are you getting all of your alerts?

We had an issue related to AMP restarting that would do this.

There's also related issues on smaller WSAs when they get their updates. If you have 170s, or V100s, set them to get their updates less often, so you'll run into it less frequently.



All of these are better with newer builds later versions of 11.7 and the latest 11.8.






Highlighted
Cisco Employee

Re: WSA High Latency

Hi,

 

Latency can occurs in WSA due to multiple factors and combinations of them at the same time:

1. What WSA hardware model

2. What versions

3. What scanning engine enables in WSA (AMP, webroot, sophos, mcAfee) does it using authentication?

4. What is your RPS (request per second)?

5. What is your traffic pattern such as majority HTTPS traffic with decryptions? streaming traffic?

 

if you have a massive RPS especially during production hours with high decryptions and with all the scanning services enabled and you are running the very low end model, then this can definitely impact the performance handling the web traffic.

 

Regards

Handy Putra

Highlighted
Cisco Employee

Re: WSA High Latency

Hello, 

 

Exceeding the decryption threshold on the WSA can result is overall slowness of the traffic. Since you have narrowed it down to decryption, probably you can open up a TAC case and have them check the most decrypted url's. If there are url's which you think is safe and need not be decrypted and that is actually have lot of hits , you can actually set it as passthrough. It really depends on the number of hits though. An overall health check of the WSA performance by TAC would also be good as many factors can contribute to sluggishness. 

 

Thanks

Ash