Hi all,
Some specs of our config:
- 2x Bluecoat / Symantec ProxySG S200-20 - SGOS 6.7.2.3 Proxy Edition
- 2x Bluecoat / Symantec Content Analysis S400-A1 – Version 2.2.1.1 Release ID: 207429
- 100MBit/s internet outbreak
- 1GB/s switched network between all componentes
Proxys are addressed via DNS round robbin and both CAS appliances are configured as ICAP service groups.
We use Kaspersky and Sophos as antivirus engines and have file reputation enabled.
Whenever we download a file, we only get like 100-200KB/s dowload speed independent from source (shown under current connections in our CAS).
I don't think that's a normal behavior.
If we build a proxy policy for non ICAP scanning for the specific file (URL), the download speed is like 5-8MB/s.
Any idea why downloads are processed so slow in the CAS?
I think the download has to be completed for a scan of the file, right? So i dont understand why the pure download of a file in the CAS should be that much slower.
Or are the antivirus engines already scanning while downloading the file? Even if, there shouldn´t be such a huge performance gap.
CPU and RAM are at ~30% average.
Please let me know if you have any ideas how to fix this issue or if you need more details about our configuration.
Best
Tobias