PDA

View Full Version : Internet traffic slows when I turn on the Websense rule



Chuckybob
2005-12-15, 17:42
We are running Nokia Checkpoint Firewall-1 appliances and Websense on Windows 2003.
When I turn on the Websense rule in the firewall, client Internet traffic slows to a crawl instantly. Websense is working, but even the traffic to “allowed” web pages are extremely slow.
I turned off logging on the Websense firewall rule and raised the HTTP cache setting on the firewall to 16384. Everything runs great for a few hours but will slow down again. I increased the HTTP cache to 32768 and now everything runs great for about 24 hours (sometimes much less) before it slows down again.
Also, if I reboot the firewalls, then everything is good again, for another 24 hours. I suspect that the HTTP cache on the firewalls isn’t “clearing” itself automatically. It appears to fill up and then stop working. Of course this is only a guess. Has anyone experienced this or have any suggestions to remedy the issue?

Also, The Nokias, the admin server and the websence server have all been rebuilt. We are not running any HTTP Security Servers

Thanks for any assistance

Lackie
2005-12-16, 02:11
I don't have an answer to your issue yet but I do know that if you have a Websense rule, you are using a security server. If you do a ps -ax on the firewall you should see the 'in.httpd' process running. Thats the http security server.

alienbaby
2005-12-19, 15:25
Sounds like you are using UFP with a WebSense server.

This is a performance sensitive option, and in my experience should only be used if the organization will have less than 500 http connections at any given time.

I recommend that you change to your Websense installation out for the stand-alone version. Performance will be better and you will loose and point of failure.

Chuckybob
2005-12-22, 14:27
Thanks for all input. This is somewhat embarrassing but while checking the control switch for errors I noticed that the websence server connection was down. A 5 second investigation reveled that the NIC had been disabled. After I enabled the NIC Internet traffic is back to normal.

Thought you might like to know.