SSL Inspection Very slow internet traffic
Ally Member
Hello zyxel team,
After enabling SSL inspection in the zyxel firewall, We are experiencing very slow throughput although we have high bandwidth available. The website load speed is drastically drowned after enabling the SSL inspection.
WO SSL inspection, it works very fine.
The loading speed varies from page to page.
Firewall: USG110
Firmware Version: 4.62
No. Of users with allowed internet:16 - 20
No of concurrent sessions: 1000
We have also checked by enabling only SSL inspection and disabling other UTM profiles. But, the result is still the same.
Hence, we have to disable this feature as of now...
Zyxel team, please look into this matter.
After enabling SSL inspection in the zyxel firewall, We are experiencing very slow throughput although we have high bandwidth available. The website load speed is drastically drowned after enabling the SSL inspection.
WO SSL inspection, it works very fine.
The loading speed varies from page to page.
Firewall: USG110
Firmware Version: 4.62
No. Of users with allowed internet:16 - 20
No of concurrent sessions: 1000
We have also checked by enabling only SSL inspection and disabling other UTM profiles. But, the result is still the same.
Hence, we have to disable this feature as of now...
Zyxel team, please look into this matter.
0
All Replies
-
0
-
SSL inspection will cost a lot CPU resource for HTTPS encryption & decryption.
How many SSL inspection session is working on your device? (Check Monitor > SSL Inspection > Concurrent sessions)
How about your speedtest result before/after active SSL inspection function on your device?0 -
Hello @CHS,
The maximum concurrent session I found in the firewall statistics is 560 with only 2 PC. The rest PC in the network is not activated with SSL inspection service.
The speedtest result gave around 92Mbps without SSL inspection and 81Mbps with SSL inspection.
But the page loading speed is very poor indeed.0 -
Hi @chandanCan you take a screenshot of your SSL Inspection profile setting?If you change your setting like it, does speed is getting higher?
You can also take a video how slow throughput during access to WebSite.0 -
HI,Same problem with ATP700.(This thread : SSL Inspection Pages SLOW — Zyxel Community)- Without inspection ssl but with all other security services enabled, web pages load less than one second.- With inspection SSL enable and all other services enabled, web pages load on average 10 seconds- With inspection SSL enable but all other services disabled, web pages load on average 10 seconds too- the First load is more longer- I Have installed latest firmware version (5.02(ABTJ.0)), it's the same.- I Have tested with only one WAN interface and disabled wan load balancing and it's the same.- The weird thing is that even unsecured (http) sites are slow to display if SSL inspection is enabled. On the other hand if I deactivate it, it is instantaneous.Best Regards,0
-
HI,Same problem with ATP700.(This thread : SSL Inspection Pages SLOW — Zyxel Community)- Without inspection ssl but with all other security services enabled, web pages load less than one second.- With inspection SSL enable and all other services enabled, web pages load on average 10 seconds- With inspection SSL enable but all other services disabled, web pages load on average 10 seconds too- the First load is more longer- I Have installed latest firmware version (5.02(ABTJ.0)), it's the same.- I Have tested with only one WAN interface and disabled wan load balancing and it's the same.- The weird thing is that even unsecured (http) sites are slow to display if SSL inspection is enabled. On the other hand if I deactivate it, it is instantaneous.
(Sorry For My English
)Best Regards,0 -
Hi @Julien_ALM
When accessing websites, it may including many frames in the web page. (per frame may include one or more URLs). SSL inspection will exchange all of certificates between these clients and those URL web server during website loading the content to you....more URLs then more busy.
If you like, you can share you tested sebsite and your SSL certificate to me by private message. Then we may have a further check.
0 -
Zyxel_Stanley said:Hi @chandanCan you take a screenshot of your SSL Inspection profile setting?If you change your setting like it, does speed is getting higher?
You can also take a video how slow throughput during access to WebSite.
Hello,
As per your advise please see the below attached videos of computer browser with and without SSL inspection. Actually I have this settings activated in the firewall. There is no website loading performance improvement by this...
SSL Settings
Without SSL Inspection
https://drive.google.com/file/d/10EJhTwbXn3EohWnDqI0cRzu_xLCakqVR/view?usp=sharing
With SSL Inspection
https://drive.google.com/file/d/11B4cvyvF0dci_6M2X7fmAInpUKBVpdy4/view?usp=sharing
Note the throughput is also reduced by 5 - 10 Mbps depending on various sites.0 -
In this video, when SSL inspection is turned on, the almost frames and images are loaded within around 5 seconds.Users may feel few latency comparing to the cases without using SSL inspection. This is because when SSL inspection function is turned on, it will bring some overhead to the system due to certificate exchange handling. This is more likely some kind of tradeoff between performance and security.0
-
But, this is annoying indeed. As an end user I or nobody will like slow loading webpages. However, the webpages loading varies from sites to sites.0
Master Member
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
