Hi folks, I noticed that some pages are very slow since the upgrade to UTM 9.352-6. Don't know if this has to do with the upgrade. But today I also noticed many blocked packets from external hosts in the overview tab of "Network Protection". I did some investigation and found out, that these blocked packets are answers to HTTP request, which are processed by the transparent WebProxy. One of the blocked hosts is https-178-79-242-217.fra.llnw.net, which is used by "Sophos Mobile Security" on my mobile phone. I can see the HTTP requests from "Sophos Mobile Security" in the web proxy log, which are not blocked: 2016:01:10-12:33:02 jasnet httpproxy[3184]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.20" dstip="178.79.242.217" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffJasneWebfiActio (Default)" size="225" request="0xdf687800" url=" d1.sophosupd.com/.../sdds.smsec_version.xml" referer="" error="" authtime="0" dnstime="1" cattime="29699" avscantime="2694" fullreqtime="1034871" device="0" auth="0" ua="Dalvik/2.1.0 (Linux; U; Android 5.1.1; xxxxx)" exceptions="" category="105" reputation="trusted" categoryname="Business" application="sophupda" app-id="794" content-type="text/xml" And I also can see the HTTP answer from 178.79.242.217 in the firewall log, which is blocked (becaue he don't know this connection): 12:33:03 Default DROP TCP 178.79.242.217 : 80 → 192.168.10.20 : 47123 [RST] len=40 ttl=64 tos=0x00 srcmac=xxx This happend also to some other sites/Servers and clients. I think this is not a normal behaviour, and could be responsible for the slow websites. Has anyone the same problem? What should I do? Thank you! Jas
↧