This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Adity12
Collaborator
‎2022-04-07 03:52 AM

HTTP traffic slowness when accessing web internal

Hi All,

 

On my customer site, 

There is problem when accessing web internal, the traffic is slow and even the page not displayed.

i have already check on logs there is no drop, only accept and ping to web server latency is good.

when i search for the issue, i noticed there is on log suspicious when traffic is slowness.

Here i attach that log, maybe anyone have dealt with this issue?

 

Thanks Regards

Dio Aditya Pradana 

Preview file
103 KB
0 Kudos
12 Replies
Ruan_Kotze
Advisor
‎2022-04-07 04:46 AM

Hi Dio,

Verify that your Website categorization mode is not set to hold.  If it is, change to background and see if things work better.  The setting lives in Manage & Settings > Blades > Application and URL Filtering > Advanced Settings

0 Kudos
Adity12
Collaborator
‎2022-04-07 06:12 AM
In response to Ruan_Kotze

i see on threat prevention engine settings, there is same options like this.

is that same options?

note : name blade show in log is Anti-Bot, sorry i think this options is only one for threat prevention.

Thanks Regards

Dio Aditya Pradana

 

 

Preview file
98 KB
0 Kudos
the_rock
Legend
Legend
‎2022-04-07 06:21 AM
In response to Adity12

You almost got it : - ). Here is what we are referring to brother. I attached 3 screenshots for you.

Andy

 

 

Preview file
70 KB
Preview file
53 KB
Preview file
24 KB
0 Kudos
Adity12
Collaborator
‎2022-04-07 06:31 AM
In response to the_rock

Hi @the_rock thanks for your explanation, i will checks first on that configuration.

This default right?  i mean this options, even in my lab this options already same like your advice.

Thanks Regards

Dio Aditya Pradana

0 Kudos
the_rock
Legend
Legend
‎2022-04-07 06:46 AM
In response to Adity12

You are right, it is default, but as a test, I would change fail mode to allow, push policy and test.

Andy

0 Kudos
Adity12
Collaborator
‎2022-04-11 03:26 AM
In response to the_rock

Hi @the_rock 

i have question about checkpoint online web service, do you know any SK related to this service?

 

And i just want to make this clear, i think when traffic going through security gateway, this service will hold this traffic for categorization? i think checkpoint online web service, work like this, CMIIW

If the categorization failed the traffic will not able going to destination right? and the result on user, web server doesn't appear.

 

Thank regards

Dio Aditya Pradana

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-04-11 04:41 AM
In response to Adity12

I think we're skipping over some fundamentals.

Before changing these settings can you please describe how your access & threat prevention policies are defined?

* Are URLF & AppC rules referencing a destination of internet (not any)?

* Are the web servers on the internal LAN or in the DMZ?

* What Threat Prevention exceptions do you have configured?

 

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend
‎2022-04-11 05:27 AM
In response to Chris_Atkinson

I totally agree @Chris_Atkinson . @Adity12 , if you could give us more details about what Chris mentioned, it would help. 

Andy

0 Kudos
Adity12
Collaborator
‎2022-04-11 12:18 PM
In response to Chris_Atkinson

@Chris_Atkinson  as far i know URLF & AppC rule is used on gateway cluster internet, and for web server is internal, am not sure about this, i will double check again.

Note: actually this case already resolved, but end user still want know the root cause this issue, so i think maybe you already see this issue before, for resolve this issue they just delete default routing from isp 2. ( they have 2 isp )

I hope thats makes sense.

 

Thanks Regards

Dio Aditya Pradana

0 Kudos
Adity12
Collaborator
‎2022-04-20 08:58 PM
In response to Chris_Atkinson

Hi @Chris_Atkinson,

Sorry for late response,

I will answer your question one by one:

1. Are URLF & AppC rules referencing a destination of internet (not any)? yes, AppC & URLF referencing a destination to internet.

2. Are the web servers on the internal LAN or in the DMZ? Internal LAN

3. What Threat Prevention exceptions do you have configured? for now only exception for IPS, to allow some traffic from Internet Banking

I hope thats make sense, if not let me know.

 

Thanks Regards 

Dio Aditya Pradana

0 Kudos
the_rock
Legend
Legend
‎2022-04-11 04:44 AM
In response to Adity12

Correct, thats default setting. What is your other question?

0 Kudos
the_rock
Legend
Legend
‎2022-04-07 05:30 AM

I agree with @Ruan_Kotze . Please check that setting and correct it if needed.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events