SSL Inspection Pages SLOW

2

All Replies

  • Julien_ALM
    Julien_ALM Posts: 2
    Same Problem, If I turn off SLL inspection, the pages are displayed instantly.
    If the pages have already been displayed since the firewall was started, their loading is faster.

    Model Device : ATP700
    Firmware version : V4.62(ABTJ.0) / 2021-01-19 11:09:16
    Certificat CN=atp700_BCCF4FB75A43 (default certificate)
    Validation Result=self-signed 
    Internet connexion : (two fibers, For each : 500mbs Down, 200Mbs Up)


  • MPOster
    MPOster Posts: 14  Freshman Member
    I have read other forums that this is an issue with Zyxel new firmware. I am 12 days from a return as I never experienced this using a Fortigate device. My first encounters with Zyxel have not been good ones and I was told so many good things about them. 
  • Zyxel_Can
    Zyxel_Can Posts: 239  Zyxel Employee

    Hi All,

     

    @jonatan,

     

    We have remote access to your site. Now, we can't see the symptom anymore.

    Can you help us to clarify if that issue still exist?

     

    @MPOster,

     

    By default Server Signed Certificate Key Mode is :ECDSA-RSA-1024.

    Can you try to change it to ECDSA-RSA-1024 and try it’s performance?

     

    @Julien_ALM,

     

    How long does it take to load web pages with SSL Inspection and without SSL Inspection?

    How many clients are connected to network when you do the test?

    Moreover, can you also disable Content Filter and enable SSL Inspection then try the performance for that symptom?

     

    Best regards.
  • MPOster
    MPOster Posts: 14  Freshman Member

    UPDATE TO ISSUE: 

    Changed Certificate Key to ECDSA-RSA-102 and turned off Custom Service in Security Profile

    I did this three hours ago and so far have not heard anything from the end users about page loading slow.






  • I have the same problem with slow page opening. If Content Filter and biometric are enabled, the pages are either very slow to open or not open at all. But turn off Content Filter and pages start to tear off again at normal speed.
  • MPOster
    MPOster Posts: 14  Freshman Member
    I have the same problem with slow page opening. If Content Filter and biometric are enabled, the pages are either very slow to open or not open at all. But turn off Content Filter and pages start to tear off again at normal speed.
    Is that with your SSL turned on too?
  • MPOster
    MPOster Posts: 14  Freshman Member

    SECOND UPDATE: 

    End users complaining about slow loading pages again. Disabled SSL and left the content filtering on. Back to normal again. 

    Still needs to be repaired 
  • Julien_ALM
    Julien_ALM Posts: 2
    edited April 13
    Hi @Zyxel_Can

    "How long does it take to load web pages with SSL Inspection and without SSL Inspection?"

    - Without SSL Inspection : Less than 1 second.

    -  With SSL Inspection : About 10 seconds. it depends on the sites. it's faster if they've already been loaded once.


    How many clients are connected to network when you do the test ?

    - There are less than 20 in the company and only half have internet acces. There are about forty computers whith only about fifteen having internet. There are between 200 to 400 SSL sessions out of 4000 max according to the "ssl inspection service".


    Moreover, can you also disable Content Filter and enable SSL Inspection then try the performance for that symptom?

    - When i disable "content filter service", there is almost no change. On the other hand, if i stay content filter enabled and i disable SSL Inspection, It work perfecty.

    Sorry for my English  :)

    Best regards.
  • jonatan
    jonatan Posts: 63  Ally Member
    edited April 13
    MPOster said:

    UPDATE TO ISSUE: 

    Changed Certificate Key to ECDSA-RSA-102 and turned off Custom Service in Security Profile

    I did this three hours ago and so far have not heard anything from the end users about page loading slow.







    In my configuration, this setting is initially disabled.

    -In my situation when I disable Content Filter but leave SSL Inspection enabled. The situation with opening pages is improving, and they open at almost the same speed as with disabled SSL Inspection.

  • Zyxel_Can
    Zyxel_Can Posts: 239  Zyxel Employee
    Hi @jonatan,

    Can you send me your startup-config.conf file to me by private message so I can test for you?
Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!