Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1531
Views
5
Helpful
12
Replies

WSA S690 Slowness & Site Resolution Failures

Networks_Ish
Level 1
Level 1

‎02-10-2021 06:58 AM

Hi all,

 

After any input you can offer on an issue we've recently been having. Our S690's have been upgraded to v12.x and we're now seeing users complaining about websites taking tens of seconds, if not minutes to load, with some failing to resolve at all. Oddly though, if you then hit refresh the site renders ok. 

 

The appliances themselves are not being pushed very hard, e.g. 

 

CPU: 5%

RAM: 26%

Disk: 70%

 

I'm reluctant to roll back, so will look to raise a TAC, but would be interested in any views you have / checks or tests that I can do to pinpoint any potential problems.

 

Thanks.

Labels:
0 Helpful
12 Replies 12

balaji.bandi
Hall of Fame
Hall of Fame

‎02-10-2021 07:14 AM

Do you have authentication with AD for the users ? is your DNS resoltuin is good.

 

go to command level >displayalerts (what you see)

 

can you tell me what exact verison 12.XX ( we need XX correctly)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Networks_Ish
Level 1
Level 1
In response to balaji.bandi

‎02-10-2021 07:29 AM

Hi, BB.

 

Yes, we utilise AD for user authentication and DNS resolutions looks to be stable - although we have seen issues in the past with it, but that's a different story.

 

Would the alerts under "displayalerts" stay post any issue? I only see some SIEM solution errors at present.

 

Thanks.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Networks_Ish

‎02-10-2021 07:30 AM

what is the full version, there authentication surrogate bug we see as per my experience.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Networks_Ish
Level 1
Level 1
In response to balaji.bandi

‎02-10-2021 07:35 AM

Hi, BB.

 

Sorry, but I'd rather not divulge the full code version into the public domain.

 

What's the surrogate bug you mention? 

 

Thanks.

0 Helpful

Ken Stieers
VIP
VIP

‎02-10-2021 07:22 AM

You might be hitting https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw28303
You can restart the AVC service from the CLI with diagnostic -> services -> avc -> restart
They have a longer term workaround, soif this fixes it for you, open a case.

Networks_Ish
Level 1
Level 1
In response to Ken Stieers

‎02-10-2021 07:30 AM

Hi, Ken

 

Thanks for the link. It appears to have picked up a little now, but suspect it will manifest itself again, therefore I'll look to restart that service and see how it affects things.

 

Thanks.

0 Helpful

dkorell
Level 1
Level 1

‎02-11-2021 08:15 AM

Did you first experience this on February 10th? I did with 11.8.0 and TAC let me know this morning about the bug above so I am upgrading to 11.8.3. I tried to upgrade to 12.0.2 in December and had multiple issues and had to rebuild one WSA. TAC then told me to hold off on upgrading to 12.0.2 for some other bugs.

0 Helpful

Networks_Ish
Level 1
Level 1
In response to dkorell

‎02-11-2021 08:30 AM - edited ‎02-11-2021 08:49 AM

Hi, dkorell

We began experiencing the issue yesterday, so yes, Feb 10. 

We are in the process of moving a test appliance to a different version to see if that stabilises things.

 

It's really is disappointing that such bugs exist - I wonder what UAT Cisco actually do, as from the outside it seems they just push their code and let the customer find the bugs for them.... 

0 Helpful

Ken Stieers
VIP
VIP
In response to Networks_Ish

‎02-11-2021 09:06 AM

Depending upon the version, they do a full beta.
Beta for 14.0 just started... there may still be room.
They'll supply you with hardware or VM licenses if you want it, you get access to dedicated support for the beta.
They ask that you do a certain amount of testing and have a call every week to discuss issues you're having/bugs you find, etc.
Bugs you find are usually promised to be fixed by FCS.
I can hook you up with the Beta Manager if you'd like.


BTW, I beta'd the fix for this bug on 12.5.1...




________________________________

This email is intended solely for the use of the individual to whom it is addressed and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If the reader of this email is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited.
If you have received this communication in error, please immediately notify us by telephone and return the original message to us at the listed email address.
Thank You.
0 Helpful

Networks_Ish
Level 1
Level 1
In response to Ken Stieers

‎02-11-2021 10:29 AM

Hi, Ken

That could be really useful, if it's not too much trouble.

I am UK based if that makes any difference.

0 Helpful

Ken Stieers
VIP
VIP
In response to Networks_Ish

‎02-12-2021 02:57 PM

I sent you a direct message. 

0 Helpful

Ken Stieers
VIP
VIP
In response to dkorell

‎02-11-2021 11:57 AM

That bug is reported as fixed in 12.5.1-043

https://bst.cloudapps.cisco.com/bugsearch/search?kw=*&pf=prdNm&pfVal=282941570&rls=12.5.1-043&sb=fr&svr=3nH

 

My VMs got provisioned for it today.

 

0 Helpful
Customers Also Viewed These Support Documents