| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| We have recently updated the SmartDefense stuff so everything is up to date on it - previously we have never used it. However, since implementing it, we are having numerous problems with HTTP and HTTPS traffic. We run our traffic through proxy servers - we use Clearswift MIMEsweeper for Web 5.1. Since putting in SmartDefense we get a lot of pages coming back with a "page cannot be displayed" error - it occurs almost instantly. It's not the proxy, as these aren't sites or pages we block, and the proxy has pre-designed block pages that appear for users if they can't get access to something. Looking on the firewall, I can't see anything in the SmartDefense tracker that relates to it. I have tried turning off all the Web Intelligence stuff in SmartDefense and this certainly helps with some of the HTTPS sites - however, we still get the "page cannot be displayed" error coming up on various sites. We particularly have problems with sites such as AA route planner, streetmap and similar sites. If it was SmartDefense blocking it I would expect it to appear in the SmartDefense tracker - however it doesn't - but I do know that the tracker doesn't show everything, as some HTTPS sites didn't work or appear in the tracker, but when I turned off the Web Intelligence stuff they worked. Anyone have any suggestions on how I can work out what is causing the problems? |
| |||
| I'd check the SmartDefense config, or maybe put it in monitor mode. How is the firewall doing in terms of throughput and resources? Is it fine or is it having lots of work? |
| |||
| Make a database revision (or if you're using R62 or higher, create a new SD profile) and turn off the SmartDefense protections (do NOT just put them in monitor mode; monitor mode still enforces the protection, but allows it through on the match. Sadly, sometimes it's the scan that causes the problem, not the detection). Once you've determined if the problem is an SD protection, you pretty much have to use trial and error to find out which section and which protection is causing the problem. Ones to look out for are the IE Malformed jpg/avi/pdf etc. protections, the ASCII-only header/response protections and the worm catcher. |