Antivirus & Antibot Blades Causing slow connection

ivanfsei123 · ‎2023-10-22

Hi All,

We are having slow connection on internal web applications when antivirus and antibot balde is enabled.

We already upgraded to R81.10 T110 but it didn't improve the performance when the threth prevention blades are enabled.

Thank you

G_W_Albrecht · ‎2023-10-22

sk98348: Best Practices - Security Gateway Performance

R81.10 Threat Prevention Administration Guide - Optimizing IPS

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Chris_Atkinson · ‎2023-10-22

Have you attempted to configure any TP exceptions to mitigate?

CCSM R77/R80/ELITE

the_rock · ‎2023-10-22

What @Chris_Atkinson said also came first to my mind when I read your issue. Its definitely something that could help.

Andy

Timothy_Hall · ‎2023-10-22

Anti-Virus is the second most likely Threat Prevention blade to cause performance and/or high CPU utilization issues after IPS. Anti-Bot is relatively low overhead and is probably not causing your issue.

Generally, you don't want traffic travelling between high-speed internal networks to be scanned with Anti-Virus unless you have a quite beefy firewall. There are two primary ways to ensure this does not happen, by creating a blade-based (not protection-based) exception or by adjusting the profile-based properties for the Anti-Virus blade which has many performance-impacting settings you should check. Here are the relevant pages from my Gateway Performance Optimization Course covering these topics which you should find helpful, the blade-based exception example shown is for IPS but will work for Anti-Virus too:

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

Are you a member of CheckMates?

Antivirus & Antibot Blades Causing slow connection