Hey all, we have multiple appliances all running in a clustered envrionment.
Using WCCP to direct traffic to the boxes.
We have rules to bypass caching/malware scanning for files larger than 20MB.
However, multiple sites are reporting that when enabled the MWG's are slowing the download speeds of larger files.
I have reports of 300MBs down from 1GBs ?!
I have sent multiple captures to McAfee, plus worked with my local network team, but no-one has been able to determine what is going on.
We have a 100meg pipe, that is close to saturated. Captures reveal many ACKs, duplicate packets etc....
BUT still the users are sure there is something going on.
Has anyone ran into anything similar - or have any additional ideas of where we can look?
We are currently running v126.96.36.199.0
- J (stressed out IT guy)
(added pics of rules)Message was edited by: junshi on 3/1/11 2:04:43 PM CST
You are going to have to provide some pictures of your rule set.
How are you bypassing large files? There are a few ways to do this.
Are you authenticating users?
No authentication at this point (to keep it simple for troubleshooting the basics).
Cache bypass using: header.response.get "content.lenght"
Progress bypassed using: the same as the above, but this creates a user.defined.key that I use to bypass the Antimalware rule.
(Added rules to original post)
- JMessage was edited by: junshi on 3/1/11 2:18:51 PM CST