09-17-2009 09:46 PM
1. When I enable UTM policies, internet surfing gets dead slow. Why?
2. How to block application sets, like peer-to-peer sites, Kazaa, eDonkey, LimeWire?
3. Logging - How can I get detailed logging for IP-based website access?
09-18-2009 01:40 AM
1) Try this in your config:
set security flow traceoptions file flowtrace size 5 files 2
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter my_filter source-prefix <source-ip>
Then try to browse and look in the output from the trace with show log flowtrace to see what's going on.
When you're ready: rollback 1 to disable the tracing.
2) In the IDP module you can do application recognition and set the block action.
3) Set logging on your policy and review it in the rtlogd log file.
To enable logging, set log session-close at the permit level of the policy (then log session-close).
To view the log: show log rtlogd
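An added example (not part of the original posts, and not Juniper code): one way to turn the session-close entries from step 3 into a per-client summary of web servers visited. The field order in the pattern and the sample lines are assumptions constructed for illustration; the layout differs between Junos releases.

```python
import re
from collections import defaultdict

# Assumed field order of a session-close entry (it differs between Junos
# releases; adjust the pattern to what "show log rtlogd" prints on your box).
CLOSE_RE = re.compile(
    r"RT_FLOW_SESSION_CLOSE: session closed (?P<reason>[^:]+): "
    r"(?P<src>[\d.]+)/\d+->(?P<dst>[\d.]+)/(?P<dport>\d+) (?P<service>\S+) "
    r"\S+ \S+ \S+ \d+ (?P<policy>\S+) \S+ \S+ \d+ "
    r"\d+\((?P<sent>\d+)\) \d+\((?P<rcvd>\d+)\) (?P<secs>\d+)"
)

# Constructed sample entries using documentation addresses, not real traffic.
SAMPLE_LOG = """\
Sep 18 01:52:10 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 192.168.1.10/51544->203.0.113.80/80 junos-http 198.51.100.2/22010->203.0.113.80/80 None None 6 web-out trust untrust 4021 12(1450) 10(8400) 7
Sep 18 01:52:31 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP RST: 192.168.1.10/51546->203.0.113.80/80 junos-http 198.51.100.2/22011->203.0.113.80/80 None None 6 web-out trust untrust 4022 5(600) 4(2400) 3
Sep 18 01:53:02 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 192.168.1.22/50001->198.51.100.7/443 junos-https 198.51.100.2/22012->198.51.100.7/443 None None 6 web-out trust untrust 4023 20(3000) 30(41000) 15
Sep 18 01:53:05 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed idle Timeout: 192.168.1.10/40000->198.51.100.53/53 junos-dns-udp 198.51.100.2/1030->198.51.100.53/53 None None 17 web-out trust untrust 4024 1(60) 1(120) 2
Sep 18 01:53:09 srx RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.1.22/50002->198.51.100.7/443 junos-https 198.51.100.2/22013->198.51.100.7/443 None None 6 web-out trust untrust 4025
"""

def web_access_by_client(lines, web_ports=(80, 443)):
    """Return {client_ip: {server_ip: {"sessions": n, "bytes": total}}}."""
    usage = defaultdict(lambda: defaultdict(lambda: {"sessions": 0, "bytes": 0}))
    for line in lines:
        m = CLOSE_RE.search(line)
        if not m or int(m["dport"]) not in web_ports:
            continue  # not a session-close entry, or not web traffic
        entry = usage[m["src"]][m["dst"]]
        entry["sessions"] += 1
        # Count bytes in both directions for the closed session.
        entry["bytes"] += int(m["sent"]) + int(m["rcvd"])
    return {src: dict(dsts) for src, dsts in usage.items()}

if __name__ == "__main__":
    summary = web_access_by_client(SAMPLE_LOG.splitlines())
    for src, dsts in sorted(summary.items()):
        # Busiest destination first for each client.
        for dst, e in sorted(dsts.items(), key=lambda kv: -kv[1]["bytes"]):
            print(f"{src} -> {dst}: {e['sessions']} sessions, {e['bytes']} bytes")
```

Session-close entries carry IP addresses, not hostnames, so the summary is per server IP.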
09-24-2009 11:45 PM
How much BW do you have for your Internet connection? The reason I ask is that if you are constantly utilizing max bandwidth, then your SurfControl web-filtering check traffic will also need to contend with that traffic. SurfControl will use UDP 9020, so it could take some time before the UF receives a response, which will slow down your web surfing. One thing that can be done to help is to maximize your cache size and duration to decrease the amount of UF traffic, though that really would only help if you surf the same sites constantly. If I find any other things that could help, I'll let you know.