https proxy issues

Since 12.5.1 (M4600) we are experiencing some really bad delays and TLS timeouts on https sites. Got a call with TAC , but no progress so far. Anyone else having issues?
Bypassing the proxy and using a packet filter and everything is fine.
SSL Inspection is off so its not doing a lot of work.

--
WatchGuard M4600 (x2 Cluster)
WatchGuard M640 (x2 Cluster)
Firmware : 12.8

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi Abertay,

    Thanks for writing.

    For a technical issue like this, the support incident will usually be the best/fastest way for this to be resolved.

    I haven't seen any reports of issues with TLS handshake timeouts for 12.5.1, however, issues like this tend not to be in the forums due to the complexity.

    If you can let me know the case number (either via reply or PM) that you'd opened, I can have the support team check to see if the case has been escalated and/or have it assigned to a different technician to help move it along more quickly.

    Thank you,

    -James Carson
    WatchGuard Customer Support

  • Are you using webblocker? We noticed some slowdowns yesterday which was caused by this, our solution was to spin up a VM and host it ourselves.

  • We've seen some similar issues. Our VoIP provider has a portal that let's employees see who is active on a phone call when logged in. I've had reports of the portal timing out but if I use a packet filter it's fine. I also noticed if I'm listening to iHeart Radio, it will drop out at exactly the same time the portal times out. We're on 12.5 currently. I also didn't see anything related to proxy fixes in 12.5.1 and WatchGuard support didn't suggest updating to it when I opened a case.

  • Thanks James, its been escalated to engineering now who are looking into it.
    We've had to temporarily move most of the major websites to packet filter policies so they remain stable. I'm still wondering if this is a knock-on affect of the NAT issue in 12.5 / 12.5.1 as we now have nearly 7000 users going through a single Nat pool...

    --
    WatchGuard M4600 (x2 Cluster)
    WatchGuard M640 (x2 Cluster)
    Firmware : 12.8

  • Same here! Since 12.5 (12.5.1 now) on M300 we have bad delays and TLS timeouts on https connections. Using a packet filter or disabling it everything is fine.

  • Same here. Things were working very well until 12.5.1. I've had to set numerous sites to Allow vs Inspect that used to work perfectly fine before 12.5.1.

  • Same issues here, only started after the 12.5.1 update. We thought it was just us so thanks for posting!

  • We have experienced similar issues since 12.5.1. The problem appears to be TLS handoff related from the HTTP proxy. We found the issue appears to be unrelated to the HTTPS proxy, as one site experiencing the issue only had a HTTP proxy enabled.

  • I don't know if this will help anyone else but following a discussion with a Watchguard reseller, we have been advised to recreate the https proxy rule which we hadn't done since 2015. So far, this appears to have sorted the issue, but it was intermittent but has been ok for over a week now.

    HTH

    Chris

  • Was this resolved? Having a similar problem with m4600.

  • For the record, what XTM version are you running?

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @AOsborne

    There are quite a few issues that have happened, been found, and resolved. The specific issue was fixed.
    -Ensuring that you're on the latest version of fireware will ensure that you're not running into that bug.

    If you are still having an issue, i'd suggest opening a case with support so they can get more specific information about your specific problem, and help fix it.

    Thank you.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.