I am currently in the testing phase of deploying MWG 7.X and I have hell a lots of issues with web sites loading problem. Of course I have the following policies:
a) URL filtering
b) Media Type filtering (Only audio & video's)
c) Malware scanning
a) Those websites with flash does not load at the first attempt, have to refresh the browser then it displays. Some time even after refresh the content does not display
b) Certain websites does display the content, but the alignment is totally staggered and some of the images are not being displayed. Same thing, after refresh sometimes can display the web site and sometimes cannot.
c) While browsing most of the web sites, in IE always there is an error icon in IE displays (attached file, IE_err.jpg), once this is shown, the web site will not be displayed properly
d) On top of all these, the performance is pathetic, We have a 6M internet pipe and the browsing experience thru MWY is extremely slow. I have event tried to disable all the policies, even then the performance does not improve significantly.
I did suspect some thing to do with cache and even disabled the cache and tried, but no help.
If anyone has any suggestion to improve my situation it will be highly appreciated.
Flash is a streaming media type, therefore it is difficult to be proxied. We have bypass rules in the library, which today require the full object to be loaded in order to make a decision on the bypass. The browser waits..waits...waits and then gives up, thus wrongly rendered pages. I suggest changing this rule from the one in blue to the one in the foreground and retry.
Thanks Michael, will try and let you know the outcome.
BTW, I see some rule set related to Skype and facebook, are you able to share if that plays a part in controling those access?
Today before I left office, I was working on the flash download issue, and I realised that only when I disable the antimalware scanning, flash is able to display at the first attempt.
Looks like "Gateway Antimalware" - "Block if Virus was Found" seem to be the culprit. I have tried my best to play around the settings for "Gateway Antimalware" but with vain it doesn’t seem to improve the situation. The moment the rule "Block if Virus was Found" is turned off, a tremendous improvement in web site loading is being experienced.
Your suggestion/best practices will be much appreciated.
What happens when you call http://www.burjkhalifa.ae/Portals/0/BurjDubai/flash/home_shell.swf directly?
Do you have any script filtering related rules enabled? HTML filter?
When I call this page (http://www.burjkhalifa.ae/Portals/0/BurjDubai/flash/home_shell.swf) the flash object is being downloaded (in the progress page window). When I disabled the progress page and tried, the flash is able to be displayed in a reasonable time.
I do not have HTLM Filter, nor any script filter enabled in the ruleset.
We are comming closer It seems we have a timing/connection-speed issue!
I don't know how speedy your internet connection is to the servers in question, but it seems that MWG has decided to start progress pages to get the content, whereas here it takes a second to load. Have you modified the progress pages in any way? Mine is set to start after 5 seconds download time aka "Delay for redirects to progress page". Try to increase that to 10 in the settings under Policy > Settings > Enable Progress Page.
What happens is:
Browser asks for flash
Timer ticks to long (+5 secs)
MWG thinks that loading the object is taking too long and triggers progress pages
Browser receives progress page instead of flash and gets 'upset'
as said - enlarge progress page timer
create a whitelisting entry for progress pages for flash:
No significant improvement after increasing the delay to 10min, still have to refresh the browser to get the flash. When the browser tries and since the flash did not load there is an err in IE (bottom left) "Error on page".
Looking at the progress page rule, the creiteria Header.Request.Get (String)-matches-regex(.*mozilla.*), I suppose this refers to Mozilla browsers, how abt IE?
We have 6M internet pipe and I am trying the same website without passing thru the MWG, direct access to internet and as you mentioned it just loads swiftly.
I don’t remember changing the progress page settings, may I have the default values, if in case.
One more, by changing the delay in the progress page to 10sec, will this have a global effect?