My USG Flex 50 slow navigation

Hi,

When I use a policy to restrict access to some websites, browsing is very slow. However, the same sites open as quickly where the rule is "TO ANY".

The firmware is on the latest version and Content Filtering is deactivated.

Thanks

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee

    Hi @zullo_giuseppe,

    Could you share a screenshot of the settings of the policy "to restrict access to some websites" with us? Thanks!


  • I created a group with the PCs and a group with the FQDNs of the external sites

  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    edited December 2023

    I do the same thing on USG60 but by wildcard FQDN so

    *aboutamazon.co.uk

    The problem is that when you don't add all the addresses the web page tries to load, like ads, browsing can hang.

  • Thanks PeterUK,

    Workarounds? Suggestions?

  • smb_corp_user
    smb_corp_user Posts: 163  Master Member

    Looking back at PeterUK's reply, with the risk of misunderstanding it, I will attempt to explain what I think he meant:

    Use a wildcard together with the domain name (for example: *domainname.com ) to make sure that everything within that domain is filtered out directly without looking for some elements to allow.

    (in case I did misunderstand, I hope PeterUK can clarify the issue for you)

  • Thanks smb_corp_user,

    I have used a wildcard (*domainname.com instead of domainname.com), but navigation is very slow for PCs that access only a few sites. Everything is normal for PCs accessing "any".

  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    edited December 2023

    It's because of 3rd-party domains that the site tries to load that cause the web page to hang; for example, *yahoo.com has many 3rd-party domains that you need to include.

    The way I did it was ipconfig /flushdns with Wireshark on port 53, go to the site, then look at all the sites DNS goes and looks up. Not sure if there is a better way.

    And even if you add all domains, the web page may hang for a bit as the USG adds the IP to the mapped FQDN, as you get the DNS reply so fast that the browser makes the connection but the USG is still processing the IP to the allow rule.
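
Added example, not part of the thread and not Zyxel code: the capture-and-review step PeterUK describes, scripted so the DNS names seen while loading a site are collapsed into wildcard FQDN candidates that the allow group does not yet cover. The domain names, the small suffix set and the label-boundary matching of wildcard entries are assumptions made for illustration.

```python
from collections import Counter

# Assumption: tiny stand-in for the Public Suffix List; extend it for real use.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}

# Constructed sample, shaped like the output of:
#   tshark -r capture.pcapng -Y "dns.flags.response == 0" -T fields -e dns.qry.name
SAMPLE_QUERIES = """\
www.example-shop.co.uk
static.example-shop.co.uk
cdn.example-assets.net
img.example-assets.net
ads.example-tracker.com
WWW.Example-Shop.co.uk.
wpad
"""


def base_domain(name):
    """Return the registrable domain of a query name, or None if it has none."""
    labels = name.strip().rstrip(".").lower().split(".")
    if len(labels) < 2 or not all(labels):
        return None  # single-label names (wpad, hostnames) are not FQDN objects
    take = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-take:]) if len(labels) >= take else None


def is_covered(domain, allowed):
    """True if a wildcard entry such as '*example.com' already covers domain."""
    for entry in allowed:
        suffix = entry.lstrip("*").lstrip(".").lower()
        if domain == suffix or domain.endswith("." + suffix):
            return True
    return False


def missing_wildcards(capture_text, allowed):
    """List (wildcard, query_count) for looked-up domains not yet in the group."""
    counts = Counter()
    for line in capture_text.splitlines():
        domain = base_domain(line)
        if domain and not is_covered(domain, allowed):
            counts["*" + domain] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for wildcard, hits in missing_wildcards(SAMPLE_QUERIES, ["*example-shop.co.uk"]):
        print(f"{hits:3d}  {wildcard}")
```

Review each candidate before adding it to the FQDN group: every ad or tracker domain allowed to stop a page from hanging also widens what the restricted PCs can reach.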
