Issue
- You experience a slow down in web browsing when using the Sophos UTM as a Web proxy.
- Sometime you see the high latency, slow web browsing when enable Web filtering in Sophos UTM.
Best practice
- Update to newest version of Sophos UTM (current is 9.3xx)
- Download the Content Filtering Database to local Memory (RAM). This method is not Sophos official
- Faster URL checking by category
- Reduce bandwidth usage
- Reduce connection to Internet from the devices
- Higher web filter performance
Important notes
- That’s not official, you do it with your risk.
- Revert to default setting: cc set http sc_local_db none
- When you disable/enable the web proxy, database will download again.
- If you set local database in “disk”, the CPU 100% maybe occur because of the high HDD reading.
- The UTM recommends more than 4GB or 8GB Memory
- The local content filtering database is stored in HDD, cached in RAM
How to do
1. Enable Shell Access
Management > System Settings > Shell Access > Set password for loginuser and root.
Allow network: Your local LAN > Click Apply
2. SSH to the UTM
Using Putty software to SSH to the UTM
Login as: loginuser
Type “su” to go to root mode
3. Verify DB settings
cc get http sc_local_db
4. Set the database as local
cc set http sc_local_db mem
5. Reload the HTTPPROXY service
/var/mdw/scripts/httpproxy restart
6. Verify first DB download
Web surfing will be stopped until done – about 380-400 MB
ls -lh /var/chroot-http/var/pattern/sfcontrol
7. Verify DB in Memory
8. Command options:
cc set http sc_local_db [none,disk,mem]
none – default, don’t use local categorization at all use online query as default.
disk – use local Database, but use it only on disk. Useful for boxes with little RAM.
mem – use local Database, and keep it in memory for faster access.
Hi, how is this updated? do i need this daily set to download DB?
DB will automatic update, you do it one time ok!
Hi, I have some question:
– Will database downloaded when using command “cc set http sc_local_db mem” or database must download before and imported to UTM ?
– Have any interupt system UTM when change setting database local to memory if system is running online ?
Thank you
1. Database will download after type command and restart HTTP proxy service.
2. On first time downloading, the Web proxy will not work. So you will get downtime for web surf (about 20′, depend the internet line)
Wow, thank you for this tip. Making the discussed changed seems to have really improved my web surfing performance. Are there any other tweaks like this one? Thank you very much for this tweak and also for any additional tweaks you may provide.
Excellent write up. I just read that they have changed some things. Is is still worthwhile doing the local content filter mod? I just built a software UTM with 16GB of RAM and a 512GB SSD so I’ve got plenty of space for it. Either in RAM or on disk.
Here’s what I’m talking about…
http://feature.astaro.com/forums/17359-utm-formerly-asg-feature-requests/suggestions/178336-websecurity-local-content-filter-database
Thanks.