I have been working with Sidewinders off and on for 15 years, from back in the Borderware years, to SecureZone, and Sidewinder versions 6 and 7. Version 7 is solid and is working fine for us, but our hardware is EOL so we decided to get new appliances with version 8 about 9 months ago. In the last 9 months I have fought with version 8, trying all the new (to us) features: SmartFilter, Logon Collector, Active Directory integration, Web Reporter, Global Threat Intelligence. I have all the bugs and problems ironed out except one.
I like what they’ve done in Version 8 with Applications – it should be very powerful, but there is a serious problem in how the HTTP proxy determines what application the traffic matches. This can be seen on busy websites like newspapers with many ads and statistics tracking embedded HTML. When the HTTP proxy (or application) doesn’t match the traffic, something is hanging or timing out. Multiply this by dozens of ads and other embedded HTML links and these pages are unusable. Attached is an example of traffic getting denied because the Application is <Unknown TCP>. Normally when this is not working, the browser will just sit with a blank white screen for a few minutes, spinning, “waiting for whatever.com…” and then the page may or may not appear, maybe partially appear (pictures broken) or maybe the HTML stylesheet will not load and you get just a text representation of the page. Stranger yet, I can usually replicate it pretty quickly, but sometimes it will work fine for several hours. The problem always comes back though, and it's not just one website.
If I disable GTI and App Defenses, SmartFilter, and anti-virus, it works a little better but still not good enough to put in a production environment at my company. I’ve worked with support on this for hours, and it is escalated to Engineering, but they don’t have a root cause. So the question is, is anyone using Version 8 in production with SmartFilter, GTI, Anti-Virus, etc. all enabled? I’ve been patching when new patches come out and the problem remains. I’m thinking about going back to version 7, so I’m looking for any advice or discussion on this.
Thanks for reading this far!
Message was edited by: danob on 8/9/12 4:35:34 PM CDT
audit view.JPG 179.7 K