cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2644
Views
0
Helpful
7
Replies

WSA HTTPS interception slow upload

askaerr
Level 1
Level 1

Hi,

Currently I'm doing a WSA project at a customer with HTTPS interception. I've noticed when doing uploads over HTTPS (fe google drive or wetransfer), the performance is very poor. Uploading a file over intercepted HTTPS goes at a rate of about 1,5Mbps. When I do the same upload (same file and same online service) without interception, it goes at about 50Mbps.

HTTP uploads and intercepted HTTPS downloads also go at normal speeds. The performance hit is present on both S380 appliances and they are currently only being used for testing (no load). I also tried disabling CDS and outbound malware scanning without results.

Has anybody seen this difference in BW for uploads over intercepted HTTPS? Should I consider it as normal?

Kr

7 Replies 7

Tao Yang
Cisco Employee
Cisco Employee

We haven't heard the same from other customer yet. Can you please run packet capture at WSA without any filter for HTTPs decryption enable and disable one and then compare them to see if you can find any clue?

We're doing explicit proxy and the WSA appliances are on 9.0.1-162. Disabling authentication for a specific IP address as a test did not show any improvements.

In fact it seems we're only experiencing these issues with Google Drive. No difference is noticed (in comparison with the old non-intercepting proxy) when using wetransfer or dropbox.

I've tried comparing packet captures when doing interception and when not but can't seem to find any hints in there.

Thanks for your update. As I could not reproduce this issue, would you please try the following steps to narrow down this issue.

1. Disable "Decrypt for Application Detection" in HTTPs proxy settings if it is enabled.

2. Try deploying another version virtual WSA to test it again to see if it is only happening on this specific version.

Please feel free to open a new Cisco TAC case and we do provide 24x7x365 support.

Hope it helps.

Thanks for your suggestions.

1. The "Decrypt for Application Detection" feature was disabled but no results, the upload speeds remain very slow.

2. I did not find the time yet to test with a virtual WSA on a different version but will try to do so next week.

In the meanwhile I logged a case at the Cisco PDI helpdesk (Cisco TAC did not want to take the case because it's a new setup) but no progress yet.

See the following the thread.

https://supportforums.cisco.com/discussion/12485001/wsa-slowing-upload-speed-half

Thanks for the tip.

I tried to disable the Data Security Policy but no change in behavior. Also upgraded to 9.1.1-074 but no difference. PDI closed the case and I"m not working with TAC to check what we can do.

RoadRunner4k
Level 1
Level 1

How do you authenticate users? and which AsyncOS version are you using? I have experienced something similar to what you see.

All HTTPS traffic was slow in our case, and this was due to authentication issues.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: