SSL Inspection Pages SLOW

124»

All Replies

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments

    Hi @DG_1 ,

    Greeting Forum, Thank your feedback.

    Could you check if you are using "ECDSA-RSA-1024" in Server signed certificate key mode ?

    Thank you

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments

    Hi @DG_1 ,

    Please share your model and firmware version .

    Thank you

  • DG_1
    DG_1 Posts: 6
    First Comment

    Hello!
    I tried the "ECDSA-RSA-1024" in Server signed certificate key mode, but unfortunately it didn't really help.
    We have USG FLEX 500, firmware version is V5.37(ABUJ.0).

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 888  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments

    Hi @DG_1 ,

    Please kindly update the below firmware and perform CLI

    Router# debug content-filter cache activate

    Router# debug content-filter cache show

    →output should: Cache Original: No
    https://fwstore-zsdn-cloud-zyxel-com.s3.us-east-1.amazonaws.com/5.37/2023-WK30/537ABUJ0ITS-23WK30-r110387.zip

    The original mechanism is to cache "Full URL", those commands turn off this mechanism and only do "Domain match", so please note the accuracy may be reduced.

    For example, the following URL will all match to "serach engine"

    https://a.search.com/ ==>ori category: serarch engine

    https://a.search.com/ad/sample.html ==> ori category: advertisement

    https://a.search.com/ad/lootbox.php ==> ori category: phishing

    Thanks

     

Security Highlight