You mention 4.1.1.x  What is the X?  If you are not running .8, you should be to fix any apprf issues.

We are running 4.1.1.8

We began with code 6.4.2.0 and the filtering was not working, so we upgraded to the latest GA release (above) thinking it would solve the problem, but it has not. Not sure what else to try.

I verified we could reach the web filtering cloud by testing a website in the CLI and it categorized it correctly.

ok, they are using Windows Server (not sure which one) and I have never had this issue with it like this before. I may open a TAC case to investigate. I figured I would just give it a try here first. Was hoping it was a code bug and could migrate to previous code, but doesn't seem like that's the case.

Thanks for the help.

You said you have the VC giving out addresses and of course Natting using the magic VLAN.  Have you tried just sending the traffic out without the magic VLAN?

customer has flat network with every user and device in VLAN1 (/16). Customer currently does not own a layer 3 device to do routing between VLANs, so we need to use the IAP to keep the Guest network seperate.

Mharing,

That could be your issue.  For high performance instant networks, you normally want to try to isolate the management network of those devices.  How many devices do you think are on that /16?

Hi everybody. I am facing the same problem with IAP205 running 6.4.2.6-4.1.1.8.

When I enable the web filter, the navigation does not happen and the page does not load or loads slowly, even if the web page is allowed to access.

I am not sure about what IP addresses that IAP use to check and request the category. As I read in the OpenDNS's web site, their DNS servers are 208.67.220.220 and 208.67.222.222. I have a router allowing this traffic and I could check the packets reaching the OpenDNS's servers and going back to the router without resctrictions.