ProxySG & Advanced Secure Gateway

Expand all | Collapse all

Bandwidth Gain

  • 1.  Bandwidth Gain

    Posted 15 days ago
    Hi All,

    On a pair of SG's running in explicit mode using SGOS 6.7.5.10, we are seeing significant bandwidth gain the in the traffic mix and history statistics, indicating caching is effective. The thing is that caching is disabled for all content in the policy, so I can't really explain what we are seeing and wondered if anyone had come across this.

    Regards
    Paul Riddington


  • 2.  RE: Bandwidth Gain

    Broadcom Employee
    Posted 10 days ago
    Hi Paul,

    Without knowing much more, a couple thoughts.

    First, what is meant by caching is disabled? "Do Not Cache" will tell the ProxySG not to add a site to cache, but it will not stop ProxySG from pulling from cache. "Bypass cache" will prevent a site from being served from cache.

    The other thought I have is does the end customer have a Cachepulse subscription? I could see a rule where everything is set to "Do Not Cache" but Cachepulse is updating the most common sites, and if there is no "bypass cache" rule in place, nothing to stop the ProxySG from pulling from cache.

    Just throwing that out as a possibility.

    Hope that helps!



  • 3.  RE: Bandwidth Gain

    Posted 10 days ago
    Hi Jacob,

    Thanks for your reply.

    We are using "do not cache" in the web content layer which means not caching response content and also deleting any existing cache entries as per The differences between cache(no) and bypass_cache(yes).

    Actually, we discovered this issue had nothing to do with caching anyway. At the weekend, we found that a client application was seemingly making 10's of 1000's of requests to the SG which were all failing authentication. So the proxy service was intercepting them, but going no further because of the failing auth, hence the amount of client side traffic only. We further discovered that that this was an auth loop, so each time a client made the request and failed auth, it just kept trying over and over and over. We added the 2 destinations involved to the auth bypass list, and the problem was solved.

    Regards
    Paul


  • 4.  RE: Bandwidth Gain

    Broadcom Employee
    Posted 6 days ago
    Edited by Jacob 6 days ago
    Hi Paul,

    That is interesting. I wouldn't of thought of that. I guess that makes sense if all the ProxySG is doing is computing a ratio between client side and server side traffic volume. I'll definitely keep that as something to look at in the future

    Thanks for sharing!


  • 5.  RE: Bandwidth Gain

    Posted 6 days ago
    You are welcome, I guess this is what the community is for :)

    Regards
    Paul