ProxySG & Advanced Secure Gateway

Hi,

we are experiencing slow file download speed, as per suggestion from support I have upgraded the proxy ASGOS from ASGOS version 6.7.3.13 to 6.7.4.13, but it did not make any difference. Tac support is saying I have not followed the correct upgrade path and suggested to downgrade to ASGOS version 6.7.3.13 and follow the correct path. Can anyone help me what is the correct upgrade path from ASGOS version 6.7.3.13 to 6.7.4.13?

regards,
sohail

Original Message:
Sent: 2/19/2021 4:27:00 PM
From: S.rashid
Subject: Proxy ASG Upgrade path

Hi,

we are experiencing slow file download speed, as per suggestion from support I have upgraded from ASGOS version 6.7.3.13 to 6.7.4.13, but I did not make any difference. Tac support is saying I have not followed the correct upgrade path and suggest to downgrade to ASGOS version 6.7.3.13 and follow the correct path. Can anyone help me what is the correct upgrade path from ASGOS version 6.7.3.13?

regards,
sohail

Hi S.rashid,

You are upgrade correct the upgrade path.

For about download slow, pls. checking about the tcp window size is more than old default 65535 or not? and RFC-1323 is already enable?
(cli_proxy#show tcp)
for about tcp window size, pls follow this KB: https://knowledge.broadcom.com/external/article?articleId=168804

Thank you and BR
Sakkarin Pichetskul

------------------------------
Thank you and BR
Sakkarin Pichetskul

System Engineer
nForce Secure Co.,Ltd. [Thailand]
------------------------------

Original Message:
Sent: 02-19-2021 04:27 PM
From: sohail rashid
Subject: Proxy ASG Upgrade path

Hi,

we are experiencing slow file download speed, as per suggestion from support I have upgraded from ASGOS version 6.7.3.13 to 6.7.4.13, but I did not make any difference. Tac support is saying I have not followed the correct upgrade path and suggest to downgrade to ASGOS version 6.7.3.13 and follow the correct path. Can anyone help me what is the correct upgrade path from ASGOS version 6.7.3.13?

regards,
sohail

Dear sakkarin,

Thanks for the response. The support guy closed my case just saying 'the upgrade path is not correct'. that was really not helpful sadly. can you help me with the downgrade. it is simply uploading the required SGOS and reboot or there is other way.

regards,

sohail
Original Message:
Sent: 03-01-2021 06:24 AM
From: sakkarin pichetskul
Subject: Proxy ASG Upgrade path

Hi S.rashid,

You are upgrade correct the upgrade path.

For about download slow, pls. checking about the tcp window size is more than old default 65535 or not? and RFC-1323 is already enable?
(cli_proxy#show tcp)
for about tcp window size, pls follow this KB: https://knowledge.broadcom.com/external/article?articleId=168804

Thank you and BR
Sakkarin Pichetskul

------------------------------
Thank you and BR
Sakkarin Pichetskul

System Engineer
nForce Secure Co.,Ltd. [Thailand]

Original Message:
Sent: 02-19-2021 04:27 PM
From: sohail rashid
Subject: Proxy ASG Upgrade path

Hi,

we are experiencing slow file download speed, as per suggestion from support I have upgraded from ASGOS version 6.7.3.13 to 6.7.4.13, but I did not make any difference. Tac support is saying I have not followed the correct upgrade path and suggest to downgrade to ASGOS version 6.7.3.13 and follow the correct path. Can anyone help me what is the correct upgrade path from ASGOS version 6.7.3.13?

regards,
sohail

Hello Shaikh,

Yeah the slowness is definitely because of proxy, because if i apply the magic script that download speed goes up to 8 MB/s, but with proxy it lower than 1 Mb/s.
Original Message:
Sent: 03-01-2021 06:24 AM
From: sakkarin pichetskul
Subject: Proxy ASG Upgrade path

Hi S.rashid,

You are upgrade correct the upgrade path.

For about download slow, pls. checking about the tcp window size is more than old default 65535 or not? and RFC-1323 is already enable?
(cli_proxy#show tcp)
for about tcp window size, pls follow this KB: https://knowledge.broadcom.com/external/article?articleId=168804

Thank you and BR
Sakkarin Pichetskul

------------------------------
Thank you and BR
Sakkarin Pichetskul

System Engineer
nForce Secure Co.,Ltd. [Thailand]

Original Message:
Sent: 02-19-2021 04:27 PM
From: sohail rashid
Subject: Proxy ASG Upgrade path

Hi,

we are experiencing slow file download speed, as per suggestion from support I have upgraded from ASGOS version 6.7.3.13 to 6.7.4.13, but I did not make any difference. Tac support is saying I have not followed the correct upgrade path and suggest to downgrade to ASGOS version 6.7.3.13 and follow the correct path. Can anyone help me what is the correct upgrade path from ASGOS version 6.7.3.13?

regards,
sohail

Hi S.rashid,

There could be some latency due to file scanning. If too many requests are going to the CAS side of the ASG at a given moment (traffic surge, etc), there may be some queuing that could add a little delay. In addition, maybe there is some other piece of the CAS side that is causing delay. 

File scanning would be one of the components that is disabled with the magic script. I would try and narrow the issue down further by testing (if in accordance to your organizations security policy of course) with the test user having scanning disabled, but none of the additional magic script components disabled. That will help you know if it is the CAS side of things that is causing the latency.

Other things to consider, with the same download settings you had prior, did you have faster speeds? and if so, is there something that changed? or do you notice a difference at different times of the day?

Thanks,
Original Message:
Sent: 03-03-2021 01:30 AM
From: sohail rashid
Subject: Proxy ASG Upgrade path

Hello Shaikh,

Yeah the slowness is definitely because of proxy, because if i apply the magic script that download speed goes up to 8 MB/s, but with proxy it lower than 1 Mb/s.
Original Message:
Sent: 03-01-2021 06:24 AM
From: sakkarin pichetskul
Subject: Proxy ASG Upgrade path

Hi S.rashid,

You are upgrade correct the upgrade path.

For about download slow, pls. checking about the tcp window size is more than old default 65535 or not? and RFC-1323 is already enable?
(cli_proxy#show tcp)
for about tcp window size, pls follow this KB: https://knowledge.broadcom.com/external/article?articleId=168804

Thank you and BR
Sakkarin Pichetskul

------------------------------
Thank you and BR
Sakkarin Pichetskul

System Engineer
nForce Secure Co.,Ltd. [Thailand]

Original Message:
Sent: 02-19-2021 04:27 PM
From: sohail rashid
Subject: Proxy ASG Upgrade path

Hi,

we are experiencing slow file download speed, as per suggestion from support I have upgraded from ASGOS version 6.7.3.13 to 6.7.4.13, but I did not make any difference. Tac support is saying I have not followed the correct upgrade path and suggest to downgrade to ASGOS version 6.7.3.13 and follow the correct path. Can anyone help me what is the correct upgrade path from ASGOS version 6.7.3.13?

regards,
sohail

Hello Jacob,

Thank you very much for the detail suggestions. The upgrade is really important because we have to install the ABRCA Root CA Certificate on ASG, for that the minimum ASOG should be 6.7.5.10. the details are given in below article from broadcom.
Update the ABRCA Root CA Certificate on Advanced Secure Gateway Appliances (Revised: March 9, 2021) (broadcom.com)

The TAC team has suggested below:
I should downgrade from my current version 6.7.4.13 to 6.7.3.13 and then upgrade to 6.7.4.3 (As i did not followed correct path to upgrade previously). From there I can upgrade to any version. I need to know if factory restore is required for the downgrade or I can just reboot with the older version? If I am going for factory restore, I have to do all the configuration again?

Regards,

sohail
Original Message:
Sent: 03-03-2021 12:59 PM
From: Jacob M
Subject: Proxy ASG Upgrade path

Hi S.rashid,

There could be some latency due to file scanning. If too many requests are going to the CAS side of the ASG at a given moment (traffic surge, etc), there may be some queuing that could add a little delay. In addition, maybe there is some other piece of the CAS side that is causing delay.

File scanning would be one of the components that is disabled with the magic script. I would try and narrow the issue down further by testing (if in accordance to your organizations security policy of course) with the test user having scanning disabled, but none of the additional magic script components disabled. That will help you know if it is the CAS side of things that is causing the latency.

Other things to consider, with the same download settings you had prior, did you have faster speeds? and if so, is there something that changed? or do you notice a difference at different times of the day?

Thanks,
Original Message:
Sent: 03-03-2021 01:30 AM
From: sohail rashid
Subject: Proxy ASG Upgrade path

Hello Shaikh,

Yeah the slowness is definitely because of proxy, because if i apply the magic script that download speed goes up to 8 MB/s, but with proxy it lower than 1 Mb/s.
Original Message:
Sent: 03-01-2021 06:24 AM
From: sakkarin pichetskul
Subject: Proxy ASG Upgrade path

Hi S.rashid,

You are upgrade correct the upgrade path.

For about download slow, pls. checking about the tcp window size is more than old default 65535 or not? and RFC-1323 is already enable?
(cli_proxy#show tcp)
for about tcp window size, pls follow this KB: https://knowledge.broadcom.com/external/article?articleId=168804

Thank you and BR
Sakkarin Pichetskul

------------------------------
Thank you and BR
Sakkarin Pichetskul

System Engineer
nForce Secure Co.,Ltd. [Thailand]

Original Message:
Sent: 02-19-2021 04:27 PM
From: sohail rashid
Subject: Proxy ASG Upgrade path

Hi,

we are experiencing slow file download speed, as per suggestion from support I have upgraded from ASGOS version 6.7.3.13 to 6.7.4.13, but I did not make any difference. Tac support is saying I have not followed the correct upgrade path and suggest to downgrade to ASGOS version 6.7.3.13 and follow the correct path. Can anyone help me what is the correct upgrade path from ASGOS version 6.7.3.13?

regards,
sohail

Hi Sohail,

The first thing to note is that you haven't followed an incorrect upgrade path, it is ok to have gone from 6.7.3.13 to 6.7.4.13. You don't have to go to 6.7.4.3 first, it just has to be to 6.7.4.3 or later before jumping to SGOS 7 which you aren't planning to use at the moment anyway. The path you have taken is highly unlikely to have caused the slow download speeds. You can upgrade directly from 6.7.4.13 to 6.7.5.10 and back again if needed.

Regards
Paul
Original Message:
Sent: 03-25-2021 05:34 AM
From: sohail rashid
Subject: Proxy ASG Upgrade path

Hello Jacob,

Thank you very much for the detail suggestions. The upgrade is really important because we have to install the ABRCA Root CA Certificate on ASG, for that the minimum ASOG should be 6.7.5.10. the details are given in below article from broadcom.
Update the ABRCA Root CA Certificate on Advanced Secure Gateway Appliances (Revised: March 9, 2021) (broadcom.com)

The TAC team has suggested below:
I should downgrade from my current version 6.7.4.13 to 6.7.3.13 and then upgrade to 6.7.4.3 (As i did not followed correct path to upgrade previously). From there I can upgrade to any version. I need to know if factory restore is required for the downgrade or I can just reboot with the older version? If I am going for factory restore, I have to do all the configuration again?

Regards,

sohail
Original Message:
Sent: 03-03-2021 12:59 PM
From: Jacob M
Subject: Proxy ASG Upgrade path

Hi S.rashid,

There could be some latency due to file scanning. If too many requests are going to the CAS side of the ASG at a given moment (traffic surge, etc), there may be some queuing that could add a little delay. In addition, maybe there is some other piece of the CAS side that is causing delay.

File scanning would be one of the components that is disabled with the magic script. I would try and narrow the issue down further by testing (if in accordance to your organizations security policy of course) with the test user having scanning disabled, but none of the additional magic script components disabled. That will help you know if it is the CAS side of things that is causing the latency.

Other things to consider, with the same download settings you had prior, did you have faster speeds? and if so, is there something that changed? or do you notice a difference at different times of the day?

Thanks,
Original Message:
Sent: 03-03-2021 01:30 AM
From: sohail rashid
Subject: Proxy ASG Upgrade path

Hello Shaikh,

Yeah the slowness is definitely because of proxy, because if i apply the magic script that download speed goes up to 8 MB/s, but with proxy it lower than 1 Mb/s.
Original Message:
Sent: 03-01-2021 06:24 AM
From: sakkarin pichetskul
Subject: Proxy ASG Upgrade path

Hi S.rashid,

You are upgrade correct the upgrade path.

For about download slow, pls. checking about the tcp window size is more than old default 65535 or not? and RFC-1323 is already enable?
(cli_proxy#show tcp)
for about tcp window size, pls follow this KB: https://knowledge.broadcom.com/external/article?articleId=168804

Thank you and BR
Sakkarin Pichetskul

------------------------------
Thank you and BR
Sakkarin Pichetskul

System Engineer
nForce Secure Co.,Ltd. [Thailand]

Original Message:
Sent: 02-19-2021 04:27 PM
From: sohail rashid
Subject: Proxy ASG Upgrade path

Hi,

we are experiencing slow file download speed, as per suggestion from support I have upgraded from ASGOS version 6.7.3.13 to 6.7.4.13, but I did not make any difference. Tac support is saying I have not followed the correct upgrade path and suggest to downgrade to ASGOS version 6.7.3.13 and follow the correct path. Can anyone help me what is the correct upgrade path from ASGOS version 6.7.3.13?

regards,
sohail