SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0004571: Slow HTTPS connections with Endian Firewall 2.5.2 - MantisBT
MantisBT - Endian Firewall
View Issue Details
0004571Endian FirewallProxy - HTTPpublic2013-09-18 09:092013-09-20 09:12
spewk 
 
normalminoralways
newopen 
2.5 
 
0004571: Slow HTTPS connections with Endian Firewall 2.5.2
Hi all,
after updating 3 installations of Endian Firewall, from version 2.5.1 to 2.5.2, i'm experiencing a really slow connection to HTTPS sites
i can experience this both with Windows XP and Windows 7, using Internet Explorer 8, 9 or 10
I haden't this problem with 2.5.1

Some clients are strangely not affected by this problem, but i haven't found any clue (they're using the same content filter, same firewall rules, same Internet Explorer config)

for example, if i try to connect to www.microsoft.com via HTTP it gets 3 seconds to have the full page displayed, if i try the HTTPS version it needs 20 seconds!

My configuration:
Endian firewall 2.5.2 on VmWare ESXi 4.1, with 2 CPUs and 2 gb RAM. 2 of them have the RED on Ethernet static, the other one is configured in Gateway mode.
AD Joined proxy with some sites open to everyone (no login) on Squid and other ones with AD groups + Dansguardian rules

The problem is occuring with both the "no login" and Dansguardian sites

Daniele
dansguardian, http, https, slow, squid
Issue History
2013-09-18 09:09spewkNew Issue
2013-09-18 09:11spewkTag Attached: http
2013-09-18 09:11spewkTag Attached: squid
2013-09-18 09:11spewkTag Attached: dansguardian
2013-09-18 09:11spewkTag Attached: https
2013-09-18 09:11spewkTag Attached: slow
2013-09-20 09:08luca-endianNote Added: 0008531
2013-09-20 09:12spewkNote Added: 0008532

Notes
(0008531)
luca-endian   
2013-09-20 09:08   
maybe a proxy.pac wpad.dat problem?
(0008532)
spewk   
2013-09-20 09:12   
They're not using any configuration script, just the manual proxy settings on IE (deployed via GPO)
Daniele