Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Additional page load delays since a few weeks/months

SimonTSimonT Newbie ✭
edited August 23 in Mid Range Firewalls

Hi everyone,

I've already opened a support ticket for that, but I am currious if others Sonicwall Users noticed this as well.

Opening a web page, lets take http://example.com, on first time open delays 2-3 seconds before loading the page. All upcoming retries, even with different browsers do not have the delay anymore. On next day the issue returns.

I then investigated a bit and started a packet capture and found exactly in the situation when this happens, that CFS is dropping some packets with:

Drop Code: 107(Enforced Content Filter Policy) Module Id: 65(CFS)

Disabling CFS completely for this client resolves the problem, but is not a solution.

CFS configuration is mainly default. Tried it on multiple Gen7 and also on Gen6 devices.

I was able to reprocude the issue with a brand new NSA 4700 with factory default configuration as well.


Did someone else noticed this too?

Category: Mid Range Firewalls
Reply

Answers

  • SimonTSimonT Newbie ✭

    In the meantime Sonicwall Support responded, that this is a normal behaviour. They mean the drops. But a latency of 3 seconds and mor e per pageload of a new site, is not normal.

    @ALL Can technicians of Europe post what CFS get's configured in their Gen7 Sonciwalls?

    On that one that I've checked it was always the webcfs06 - but that seems to be not the nearest server.


  • BWCBWC Cybersecurity Overlord ✭✭✭

    @SimonT I checked a few appliances and it's always webcfs06 and it seems that it's not driven by an Anycast DNS it shows the same IP all over the world.

    I'am having trouble with long loading times as well, but it is related to DPI-SSL.

    --Michael@BWC

  • SimonTSimonT Newbie ✭
    edited October 3

    I noticed the issue on multiple Sonicwalls. Even Gen6.. IMHO they damaged something months ago with CFS signature Updates. Otherwise I have no explanation.


    @BWC

    Can you start a capture for HTTP/HTTPS with dest-IP 93.184.216.34 and then open the Webpage www.example.com ?

    It is important that you did not open this website in the last 24h. Otherwise CFS-Cache Hits and you do not have the issue.

    Would be interesting how many dropped packets you see in the capture (like described in first post)

    Next question is, how fast was the page load? in my case I have to wait 3 second until it starts loading the page. Then it is quick since the page content is not large.

    Thanks

  • SimonTSimonT Newbie ✭

    Sonicwall Support change now the CFS Server to webcfs07 (IMHO UK) for all EMEA Sonicwalls.

    But for my problem, this was not the solution.

Sign In or Register to comment.