I have a 2811 running 12.4(24)T2 with Trend Micro content filtering located in China.
It is configured with both category filtering as well as local filtering.
Web site load times are unreasonably slow. If I add a site to the local whitelist (so that it doesn't access trend category server), page loads are much quicker. A page that may take 30 seconds to load would then take 10. (using firefox extension to measure load times)
It is caching as I can see cached URLs with "show policy-map type inspect zone-pair urlfilter cache detail", but it's still extremely slow when filtering.
parameter-map type trend-global global-param-map server trps.trendmicro.com cache-size maximum-memory 128000 cache-entry-lifetime 8
The 2811 points to trps.trendmicro.com which I think is located in the US. Ping times are in the 400-500 ms range
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 188.8.131.52, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 404/409/412 ms
Is there an asia-pac server to which I can point to?
Are there any other options (cachinng or other) to help with the speed of filtering?
I don't think there is an Asia located server. trps.trendmicro.com resolves to a couple of ip addresses but I think they are both hosted in US West coast. Indeed slowness in the response could be the cause of this.
I would suggest to check the "sh policy-map type inspect zone-pair urlfilter" showing slow response times and does it show cached pages. Just to make sure they are working.
As for static solution, no, because the router needs to ask Trend for each HTTP GET and there is no local server that can provide that functionality. 2.5sec that you have response time for every GET is going to slow down your pages.
So I believe we got to the root cause of this. I am afraid we don't have a good solution either though.
I will let other people to chime in if they have any other ideas.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...