Secure Web Gateway

Suggest, discuss, and vote on new ideas for Sophos Web Gateway. Complete web protection everywhere.

Suggest an Idea...

Change the behavior of querying DNS server, which are serialize at the moment

Customer figures that the SWA serializes DNS-queries and will only answer the 2nd when the 1st was answered or runs into a timeout.
The other day a dDOS was run agains the teamviewer nameservers, which then completely blocked the SWA.

URID[13516]: T=13516 7592 3 - [warn] aborting request after 44.039s with no SXL response
URID[13516]: T=13516 7594 3 - [warn] aborting request after 44.038s with no SXL response
URID[13516]: T=13516 7600 3 - [warn] aborting request after 44.038s with no SXL response
/USR/SBIN/CRON[20335]: (root) CMD (TZ=GMT /usr/sbin/logrotate /etc/logrotate.conf)
URID[13516]: T=13516 ------ 2 - Warning: LATE TIMEOUT: dns context 0 should have timed out 126125 ms ago\n
URID[13516]: T=13516 ------ 2 - Warning: LATE TIMEOUT: dns context 2 should have timed out 82086 ms ago\n
URID[13516]: T=13516 ------ 2 - Warning: LATE TIMEOUT: dns context 8 should have timed out 82086 ms ago\n
URID[13516]: T=13516 ------ 2 - Warning: LATE TIMEOUT: dns context 5 should have timed out 82086 ms ago\n
URID[13516]: T=13516 ------ 2 - Warning: LATE TIMEOUT: dns context 3 should have timed out 82086 ms ago\n
URID[13516]: T=13516 ------ 2 - Warning: LATE TIMEOUT: dns context 4 should have timed out 82086 ms ago\n
URID[13516]: T=13516 ------ 2 - Warning: LATE TIMEOUT: dns context 1 should have timed out 82086 ms ago\n
URID[13516]: T=13516 ------ 2 - Warning: LATE TIMEOUT: dns context 6 should have timed out 82086 ms ago\n
URID[13516]: T=13516 7577 3 - [warn] aborting request after 44.046s with no SXL response
URID[13516]: T=13516 7580 3 - [warn] aborting request after 44.045s with no SXL response
URID[13516]: T=13516 7582 3 - [warn] aborting request after 44.045s with no SXL response
URID[13516]: T=13516 7583 3 - [warn] aborting request after 44.045s with no SXL response
URID[13516]: T=13516 7584 3 - [warn] aborting request after 44.045s with no SXL response
URID[13516]: T=13516 ------ 3 - warning: emergency timer expired: start=2016-06-01T15:06:18.60 ttl=7.000s for http://http.00.a.sophosxl.net/V3.1/swa-6be53291-ba5b-a456-3759-e519fa8310be/01/1.znyjner-2svaqrkk-2rugzy.fbcubfgrfg.pbz.m/; canceling request
URID[13516]: T=13516 ------ 2 - Warning: LATE TIMEOUT: dns context 7 should have timed out 82088 ms ago\n

According to development this is normal behavior, and there are no plans to change it.

So the customer emphatically request the change of this behavior via Feature Request.

2 votes
Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)

We’ll send you updates on this idea

Thomas Pernold shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.