Controllerless Networks

Reply

IAP Web Filter - Web Traffic Bogs Down

Hi all,

 

Weird problem, I have an IAP-115 deployment with 18 APs. Running 6.4.2.6-4.1.1 code. We have an SSID configured to use the internal DHCP server of the VC. We configured web filtering for adult/pornography websites to deny access and have an 'allow all' policy below that. 

 

When we try to browse to any website, the pages will not load or will load extremely slowly. If I move the allow all to the top, web pages load instantly. Tested DNS and ICMP to the internet successfully, pings had low latency. Tested on multiple devices and browsers. 

 

Any reason this might be happening? We want to use the IAP as a content filter, but not if it's going to prevent web browsing to approved sites.

 

Thanks.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite

Re: IAP Web Filter - Web Traffic Bogs Down

You mention 4.1.1.x  What is the X?  If you are not running .8, you should be to fix any apprf issues.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: IAP Web Filter - Web Traffic Bogs Down

We are running 4.1.1.8

 

We began with code 6.4.2.0 and the filtering was not working, so we upgraded to the latest GA release (above) thinking it would solve the problem, but it has not. Not sure what else to try.

 

I verified we could reach the web filtering cloud by testing a website in the CLI and it categorized it correctly.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite

Re: IAP Web Filter - Web Traffic Bogs Down

My guess would be to check to make sure the DNS server is robust. Beyond that I would just be guessing without the tech support.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: IAP Web Filter - Web Traffic Bogs Down

ok, they are using Windows Server (not sure which one) and I have never had this issue with it like this before. I may open a TAC case to investigate. I figured I would just give it a try here first. Was hoping it was a code bug and could migrate to previous code, but doesn't seem like that's the case.

 

Thanks for the help.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite

Re: IAP Web Filter - Web Traffic Bogs Down

You said you have the VC giving out addresses and of course Natting using the magic VLAN.  Have you tried just sending the traffic out without the magic VLAN?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: IAP Web Filter - Web Traffic Bogs Down

customer has flat network with every user and device in VLAN1 (/16). Customer currently does not own a layer 3 device to do routing between VLANs, so we need to use the IAP to keep the Guest network seperate.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Guru Elite

Re: IAP Web Filter - Web Traffic Bogs Down

Mharing,

 

That could be your issue.  For high performance instant networks, you normally want to try to isolate the management network of those devices.  How many devices do you think are on that /16?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: IAP Web Filter - Web Traffic Bogs Down

Hi everybody. I am facing the same problem with IAP205 running 6.4.2.6-4.1.1.8.

 

When I enable the web filter, the navigation does not happen and the page does not load or loads slowly, even if the web page is allowed to access.

 

I am not sure about what IP addresses that IAP use to check and request the category. As I read in the OpenDNS's web site, their DNS servers are 208.67.220.220 and 208.67.222.222. I have a router allowing this traffic and I could check the packets reaching the OpenDNS's servers and going back to the router without resctrictions.

Guru Elite

Re: IAP Web Filter - Web Traffic Bogs Down

Please open a tac case so that this can be observed on your environment.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: