Additional page load delays since a few weeks/months
I've already opened a support ticket for that, but I am currious if others Sonicwall Users noticed this as well.
Opening a web page, lets take http://example.com, on first time open delays 2-3 seconds before loading the page. All upcoming retries, even with different browsers do not have the delay anymore. On next day the issue returns.
I then investigated a bit and started a packet capture and found exactly in the situation when this happens, that CFS is dropping some packets with:
Drop Code: 107(Enforced Content Filter Policy) Module Id: 65(CFS)
Disabling CFS completely for this client resolves the problem, but is not a solution.
CFS configuration is mainly default. Tried it on multiple Gen7 and also on Gen6 devices.
I was able to reprocude the issue with a brand new NSA 4700 with factory default configuration as well.
Did someone else noticed this too?
SimonT Newbie ✭
If someone has the same kind of issue.. We where now able to solve the issue with Sonicwall Support.
The problem occured, when on the WAN Interface of the Sonicwall the DNS Server of Cloudflare 22.214.171.124 was used.
After changing to a different DNS , in our example 126.96.36.199 the issue was solved and we had no additional delay on web page loads.
Now we only see 1 packet dropped by Content Filter Policy in packet captures, and this is by design.0
In the meantime Sonicwall Support responded, that this is a normal behaviour. They mean the drops. But a latency of 3 seconds and mor e per pageload of a new site, is not normal.
@ALL Can technicians of Europe post what CFS get's configured in their Gen7 Sonciwalls?
On that one that I've checked it was always the webcfs06 - but that seems to be not the nearest server.
@SimonT I checked a few appliances and it's always webcfs06 and it seems that it's not driven by an Anycast DNS it shows the same IP all over the world.
I'am having trouble with long loading times as well, but it is related to DPI-SSL.
I noticed the issue on multiple Sonicwalls. Even Gen6.. IMHO they damaged something months ago with CFS signature Updates. Otherwise I have no explanation.
Can you start a capture for HTTP/HTTPS with dest-IP 188.8.131.52 and then open the Webpage www.example.com ?
It is important that you did not open this website in the last 24h. Otherwise CFS-Cache Hits and you do not have the issue.
Would be interesting how many dropped packets you see in the capture (like described in first post)
Next question is, how fast was the page load? in my case I have to wait 3 second until it starts loading the page. Then it is quick since the page content is not large.
Sonicwall Support change now the CFS Server to webcfs07 (IMHO UK) for all EMEA Sonicwalls.
But for my problem, this was not the solution.