Slow Internet access after enabling appliance

onpoint · 08-19-2011, 03:00 PM

We just installed a demo server at a clients office and everything works great but as soon as we enable Intrusion Prevention Internet access comes to a crawl. Access to applications over the web (cloud), RDP sessions, etc.. are very slow and almost unusable.

As soon as we turn off the appliance everything goes back to normal. Checking the untangle server memory utilization and CPU usage while the intrusion prevention is on does not show any high usage whatsoever.
Number of processors: 2, Intel CPU 2160 @ 1.80GHZ
Load average 1 min (.09), 5 min (.07), 15 min (.05)
CPU utilization by user 2%
CPU utilization by system 2%
Tasks 97
Total memory is 2GB
Memory used 548MB 26%
Memory Free 1.5GB 74%
Memory pages
692.25MB active
247MB inactive
VM Statistics
228572 pageins, 2194302 pageouts
Swap files:
2714MB total swap space (0 mbs used)

The server is running Untangle 9.0.

Any ideas?

hlarsen · 08-19-2011, 03:16 PM

so it's fine with Intrusion Prevention off?
do you see the Event Log going crazy when it's on?

onpoint · 08-19-2011, 03:41 PM

That is correct. When we turn it off all is well. I will have to look at the event logs again to answer your question. I also did forget to mention there are only about three users behind the firewall.

dbunyard · 08-19-2011, 06:43 PM

I suspect, as hlarsen hinted at, that one or more machines is flooding the network with "suspect" data. Check the logs for it and see what it shows. It's possible that you have an infected machine and that Untangle is working hard to keep that machine from accessing the internet when the Intrusion Prevention is on. The logs will shed some more light on the situation though. I'm also curious about the NICs and the up/down speeds of your internet connection.

onpoint · 08-22-2011, 08:09 AM

We have being monitoring the Untangle server. The intrusion prevention has been enabled over the weekend and as of today at 10:56am EST we have not heard of any issues with Internet latency yet. We reviewed the event logs for intrusion prevention and there appears to only be about 2 pages worth of entries. We do not see the logs having tons of entries as asked to verify.

We did run into a snag with Progressive Policy Downloaded but that is a different issue that we work around by disabling FTP transfer files options under config.

We did have some workstations come up with viruses and have been cleaned. We will keep monitoring the appliance and update this forum if we run into the same issue.

Thanks.

08-19-2011, 03:00 PM	#1 (permalink)
onpoint Untanglit Join Date: Feb 2009 Posts: 29	Slow Internet access after enabling appliance We just installed a demo server at a clients office and everything works great but as soon as we enable Intrusion Prevention Internet access comes to a crawl. Access to applications over the web (cloud), RDP sessions, etc.. are very slow and almost unusable. As soon as we turn off the appliance everything goes back to normal. Checking the untangle server memory utilization and CPU usage while the intrusion prevention is on does not show any high usage whatsoever. Number of processors: 2, Intel CPU 2160 @ 1.80GHZ Load average 1 min (.09), 5 min (.07), 15 min (.05) CPU utilization by user 2% CPU utilization by system 2% Tasks 97 Total memory is 2GB Memory used 548MB 26% Memory Free 1.5GB 74% Memory pages 692.25MB active 247MB inactive VM Statistics 228572 pageins, 2194302 pageouts Swap files: 2714MB total swap space (0 mbs used) The server is running Untangle 9.0. Any ideas?

08-19-2011, 03:16 PM	#2 (permalink)
hlarsen Join Date: Jul 2010 Location: sfba URLs submitted: 1 Posts: 1,138	so it's fine with Intrusion Prevention off? do you see the Event Log going crazy when it's on? __________________ Attention: Support on the Untangle Forums is provided by volunteers and community members. If you need official Untangle support please call or email support@untangle.com.

08-19-2011, 06:43 PM	#4 (permalink)
dbunyard Join Date: Nov 2008 Location: Westerville, Ohio, USA Posts: 1,021	I suspect, as hlarsen hinted at, that one or more machines is flooding the network with "suspect" data. Check the logs for it and see what it shows. It's possible that you have an infected machine and that Untangle is working hard to keep that machine from accessing the internet when the Intrusion Prevention is on. The logs will shed some more light on the situation though. I'm also curious about the NICs and the up/down speeds of your internet connection. __________________ Dan You may one day find something interesting here. Today is not that day. Tomorrow isn't looking too good either.

Protect

Filter

Perform

Connect

Manage

Add-Ons

08-19-2011, 03:41 PM	#3 (permalink)
onpoint Untanglit Join Date: Feb 2009 Posts: 29	That is correct. When we turn it off all is well. I will have to look at the event logs again to answer your question. I also did forget to mention there are only about three users behind the firewall.

08-22-2011, 08:09 AM	#5 (permalink)
onpoint Untanglit Join Date: Feb 2009 Posts: 29	We have being monitoring the Untangle server. The intrusion prevention has been enabled over the weekend and as of today at 10:56am EST we have not heard of any issues with Internet latency yet. We reviewed the event logs for intrusion prevention and there appears to only be about 2 pages worth of entries. We do not see the logs having tons of entries as asked to verify. We did run into a snag with Progressive Policy Downloaded but that is a different issue that we work around by disabling FTP transfer files options under config. We did have some workstations come up with viruses and have been cleaned. We will keep monitoring the appliance and update this forum if we run into the same issue. Thanks.